document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-03-30 02:40:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request from LCTT/master

Browse Source 
Update Repo
This commit is contained in:
joeren 2015-06-10 07:52:19 +08:00
commit 91d281ff26
26 changed files with 3418 additions and 489 deletions
README.md
published
20150420 Managing file and directory attributes in linux using chattr and lsattr command.md20150423 How IP forwarding Helps Connecting Private interface to Internet in Linux.md20150429 How To Integrate Apache2 With Tomcat 7 Using mod_jk Connector.md20150506 First Step Guide for Learning Shell Scripting.md20150604 Ubuntu's Juju Now Supports systemd and Google Cloud Platform.md
sources
share
20141013 Compact Text Editors Great for Remote Editing and Much More.md
tech
20150209 How to access Feedly RSS feed from the command line on Linux.md20150504 How to access a Linux server behind NAT via reverse SSH tunnel.md20150515 Install 'Tails 1.4′ Linux Operating System to Preserve Privacy and Anonymity.md20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md
RHCSA Series
RHCSA Series--Part 01--Reviewing Essential Commands and System Documentation.mdRHCSA Series--Part 02--How to Perform File and Directory Management.mdRHCSA Series--Part 03--How to Manage Users and Groups in RHEL 7.mdRHCSA Series--Part 04--Editing Text Files with Nano and Vim or Analyzing text with grep and regexps.mdRHCSA Series--Part 05--Process Management in RHEL 7--Boot Shutdown and Everything in Between.mdRHCSA Series--Part 06--Using 'Parted' and 'SSM' to Configure and Encrypt System Storage.mdRHCSA Series--Part 07--Using ACLs (Access Control Lists) and Mounting Samba or NFS Shares.mdRHCSA Series--Part 08--Securing SSH, Setting Hostname and Enabling Network Services.mdRHCSA Series--Part 09--Installing, Configuring and Securing a Web and FTP Server.mdRHCSA Series--Part 10--Yum Package Management, Automating Tasks with Cron and Monitoring System Logs.mdRHCSA Series--Part 11--Firewall Essentials and Network Traffic Control Using FirewallD and Iptables.mdRHCSA Series--Part 12--Automate RHEL 7 Installations Using 'Kickstart'.mdRHCSA Series--Part 13--Mandatory Access Control Essentials with SELinux in RHEL 7.md
translated
share
20141013 Compact Text Editors Great for Remote Editing and Much More.md
tech
20150515 Install 'Tails 1.4′ Linux Operating System to Preserve Privacy and Anonymity.md

6
README.md
View File

@ -50,6 +50,7 @@ LCTT的组成
* 2014/11/04 提升zpl1025为Core Translators成员。
* 2014/12/25 提升runningwater为Core Translators成员。
* 2015/04/19 发起 LFS-BOOK-7.7-systemd 项目。
* 2015/06/09 提升ictlyh和dongfengweixiao为Core Translators成员。
活跃成员
-------------------------------
@ -63,6 +64,8 @@ LCTT的组成
- CORE @reinoir,
- CORE @bazz2,
- CORE @zpl1025,
- CORE @ictlyh,
- CORE @dongfengweixiao
- Senior @tinyeyeser,
- Senior @vito-L,
- Senior @jasminepeng,
@ -76,7 +79,6 @@ LCTT的组成
- @alim0x,
- @2q1w2007,
- @theo-l,
- @ictlyh,
- @FSSlc,
- @su-kaiyao,
- @blueabysm,
@ -167,7 +169,7 @@ LFS 项目活跃成员有:
- @KevinSJ
- @Yuking-net
更新于2015/05/31以Github contributors列表排名
更新于2015/06/09以Github contributors列表排名
谢谢大家的支持!

22
translated/tech/20150420 Managing file and directory attributes in linux using chattr and lsattr command.md → published/20150420 Managing file and directory attributes in linux using chattr and lsattr command.md
View File

@ -1,11 +1,11 @@
在Linux中用chattr和lsattr命令管理文件和目录属性
================================================================================
为了允许添加数据,防止更改或者删除等,文件和文件夹中设定了一定的控制属性。例如,你可以在关键系统文件或者文件夹中启用属性然后没有用户包括root可以删除或者修改它不允许比如dump命令等备份工具去备份一个特定的文件或者文件夹等等。这些属性只可以在ext2ext3或者ext4文件系统中的文件和文件夹上设定。
为了允许添加数据,防止更改或者删除等,文件和文件夹可以设定了特定的控制属性。例如,你可以在关键的系统文件或者文件夹中启用属性,然后没有任何用户包括root可以删除或者修改它比如不允许使用像dump这样的命令等备份工具去备份一个特定的文件或者文件夹等等。这些属性只可以在ext2ext3或者ext4文件系统中的文件和文件夹上设定。
有两个命令 **lsattr****chattr** 用来管理属性。下面是常用属性的列表。
注:表格代码
<table width="482" cellspacing="0" cellpadding="4" style="height: 651px">
<table width="482" cellspacing="0" cellpadding="4" border="1">
<colgroup>
<col width="112">
<col width="514"> </colgroup>
@ -63,7 +63,7 @@
<p align="justify" class="western">e (extent format)</p>
</td>
<td width="514">
<p align="justify" class="western">它表明,该文件使用扩展到映射磁盘上的块</p>
<p align="justify" class="western">它表明,该文件使用磁盘上的块的映射扩展</p>
</td>
</tr>
<tr valign="top">
@ -71,7 +71,7 @@
<p align="justify" class="western">i (immutable)</p>
</td>
<td width="514">
<p align="justify" class="western">在文件上启用这个属性时,我们不能更改重命名或者删除这个文件</p>
<p align="justify" class="western">在文件上启用这个属性时,我们不能更改重命名或者删除这个文件</p>
</td>
</tr>
<tr valign="top">
@ -96,14 +96,14 @@
chattr属性中可以使用的不同选项
- **-R** 递归地修改文件夹和子文件夹的属性
- **-V** chattr命令的输出伴随版本信息
- **-f** 压缩大部分错误信息
- **-V** chattr命令会输出带有版本信息的冗余信息
- **-f** 忽略大部分错误信息
在chattr中用于设置或者取消属性的 **操作符**
- + 符号用来为文件和文件夹设置属性,
- - 符号用来移除或者取消属性
- = 使它们成为文件有的唯一属性。
- '+' 符号用来为文件和文件夹设置属性,
- '-' 符号用来移除或者取消属性
- '=' 使它们成为文件有的唯一属性。
**chattr** 和 **lsattr** 命令的基本语法
@ -120,7 +120,7 @@ chattr属性中可以使用的不同选项
现在试着删除或者修改文件
[root@linuxtechi ~]# rm -f dummy_data
rm: cannot remove dummy_data: Operation not permitted
rm: cannot remove 'dummy_data': Operation not permitted
[root@linuxtechi ~]# echo "test" >> dummy_data
-bash: dummy_data: Permission denied
@ -193,7 +193,7 @@ via: http://www.linuxtechi.com/file-directory-attributes-in-linux-using-chattr-l
作者:[Pradeep Kumar][a]
译者:[ictlyh](https://github.com/ictlyh)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

17
translated/tech/20150423 How IP forwarding Helps Connecting Private interface to Internet in Linux.md → published/20150423 How IP forwarding Helps Connecting Private interface to Internet in Linux.md
View File

@ -1,12 +1,13 @@
Linux 上IP转发如何帮助专用接口连接到互联网
如何在 Linux 上用 IP转发使内部网络连接到互联网
================================================================================
大家好,今天我们学习一下在 Linux 上用 iptables 实现从一个网络接口到另一个接口的IP转发或者数据包转发。IP转发的概念是使 Linux 机器像路由器一样将数据从一个网络发送到另一个网络。所以,它能作为一个**路由器**或者代理服务器,实现从一个连接到多个客户端机器的共享互联网或者网络连接。
大家好,今天我们学习一下在 Linux 上用 iptables 实现从一个网络接口到另一个接口的IP转发数据包转发。IP转发的概念是使 Linux 机器像路由器一样将数据从一个网络发送到另一个网络。所以,它能作为一个**路由器**或者代理服务器,实现将一个连接的互联网或者网络连接共享给多个客户端机器。
这是一些启用IP转发或网络包转发方法的简单步骤。
### 1. 启用 IPv4 转发 ###
首先,我们打算在我们的 Linux 操作系统上启用 IPv4 转发。要做到这点,我们需要用 sudo 模式在 shell 或终端下执行下面的命令。
首先,我们需要在我们的 Linux 操作系统上启用 IPv4 转发。要做到这点,我们需要用 sudo 模式在 shell 或终端下执行下面的命令。
$ sudo -s
@ -14,7 +15,7 @@ Linux 上IP转发如何帮助专用接口连接到互联网
![临时IP转发](http://blog.linoxide.com/wp-content/uploads/2015/03/ip-forward-temporary.png)
**注意上面的命令能马上启用ip转发但只是临时的直到下一次重启。要永久启用我们需要使用我们喜欢的文本编辑器打开 /etc/sysctl.conf 文件。**
**注意上面的命令能马上启用ip转发但只是临时的直到下一次重启。要永久启用我们需要使用我们惯用的文本编辑器打开 /etc/sysctl.conf 文件。**
# nano /etc/sysctl.conf
@ -38,13 +39,13 @@ Linux 上IP转发如何帮助专用接口连接到互联网
![Ifconfig](http://blog.linoxide.com/wp-content/uploads/2015/03/ifconfig.png)
这里,在我们的机器中, eth2 是连接到互联网或者网络的网卡接口, wlan2 是我们要使用 iptables 从 eth2 转发数据包的接口。要做到这点,我们需要运行以下命令。
这里,在我们的机器中, eth2 是连接到互联网或者网络的网卡接口, wlan2 是我们要使用 iptables 从 eth2 转发数据包的接口。要实现转发,我们需要运行以下命令。
# iptables -A FORWARD -i wlan2 -o eth2 -j ACCEPT
注意:请用你 Linux 机器中的可用设备名称替换 wlan2 和 eth2。
现在,由于网络过滤器是一个无状态的防火墙,我们要用 iptables 允许已建立的连接通过。要做到这点,我们要运行下面的命令。
现在,由于netfilter/iptables是一个无状态的防火墙我们需要让 iptables 允许已建立的连接通过。要做到这点,我们要运行下面的命令。
# iptables -A FORWARD -i eth2 -o wlan2 -m state --state ESTABLISHED,RELATED -j ACCEPT
@ -60,7 +61,7 @@ Linux 上IP转发如何帮助专用接口连接到互联网
### 总结 ###
最后,用安装的 iptables 作为防火墙解决方案,我们在我们的 Linux 机器上成功的配置了从一个接口到另一个接口的数据包转发。这篇文章允许你的专用接口连接到互联网,你不需要桥接接口,而是路由从一个接口进来的数据包到另一个接口,就是这些。如果你有任何问题、建议、反馈,请写到下面的评论框中,然后我们可以改进或更新我们的内容。非常感谢!享受吧 :-)
最后,我们在我们以 iptables 作为防火墙 Linux 机器上成功的配置了从一个接口到另一个接口的数据包转发。这篇文章教给你将你的私有接口连接到互联网,不需要桥接接口,而是将从一个接口进来的数据包路由到另一个接口。就是这些,如果你有任何问题、建议、反馈,请写到下面的评论框中,然后我们可以改进或更新我们的内容。非常感谢!享受吧 :-)
--------------------------------------------------------------------------------
@ -68,7 +69,7 @@ via: http://linoxide.com/firewall/ip-forwarding-connecting-private-interface-int
作者:[Arun Pyasi][a]
译者:[ictlyh](https://github.com/ictlyh)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

54
translated/tech/20150429 How To Integrate Apache2 With Tomcat 7 Using mod_jk Connector.md → published/20150429 How To Integrate Apache2 With Tomcat 7 Using mod_jk Connector.md
View File

@ -1,65 +1,63 @@
如何用mod_jk连接器来集成Apache2和Tomcat 7
================================================================================
Apache是最流行的web服务器通常用来接收客户端的请求并响应。它得到一个URL并将它翻译成一个文件名或者静态请求并将文件从本地磁盘中通过因特网返回,或者将它翻译成程序名执行它接着将输出返回给请求方。如果web服务器不能处理和完成请求它会返回一个错误信息。
Apache是最流行的web服务器,它通常用来接收客户端的请求并响应。它得到一个URL并将它翻译成一个文件名或者静态请求并将文件从本地磁盘中取出,通过因特网返回;或者将它翻译成程序执行它接着将输出返回给请求方。如果web服务器不能处理和完成请求它会返回一个错误信息。
在本篇中我们会列出Apache的特性以及我们该如何用mod_jk连接器来集成Tomcat7和Tomcat8.
在本篇中我们会列出Apache的特性以及我们该如何用mod\_jk连接器来集成Tomcat 7和Tomcat 8.
### Apache的特性 ###
如我们所说Apache是最流行的web服务器。下面是流行背后的原因
- 它是自由工具,你可以很简单地下载和安装
- 它开放源码因此你可以查看源码,调整它,优化它,并且修复错误和安全漏洞。也可以增加新的功能和模块。
- 它开放源码因此你可以查看源码,调整它,优化它,并且修复错误和安全漏洞。也可以增加新的功能和模块。
- 它可以用在只有一两个页面的小网站,或者是有成千上万个页面的大网站,每月处理上百万的常规访问者的请求。它可以同时处理静态和动态内容。
- 提高的缓存模块mod_cache、 mod_disk_cache、 mod_mem_cache
- 改进的缓存模块mod\_cache、 mod\_disk\_cache、 mod\_mem\_cache
- Apache 2 支持 IPv6.
### Tomcat 目录 ###
### Tomcat 目录 ###
${tomcat_home} 是tomcat的根目录。你的tomcat安装应该有下面的子目录
- ${tomcat_home}\conf 存放不同配置文件的地方
- ${tomcat_home}\webapps 包含示例程序
- ${tomcat_home}\bin 存放插件的地方
- ${tomcat_home}\bin 存放你的Web服务器的插件的地方
### Mod_jk 模块 ###
mod_jk有两种可接受的方式二进制或者源码。取决于你运行的web服务器的平台二进制版本的mod_jk也许可以找到。如果有二进制版本的话建议使用这个。
mod\_jk有两种可接受的方式二进制或者源码。取决于你运行的web服务器的平台也许有符合你的平台的二进制版本的mod\_jk。如果有的话建议使用这个。
mod_jk模块在这些平台上开发及测试过
mod\_jk模块在这些平台上开发及测试过
- Linux、 FreeBSD、 AIX、 HP-UX、 MacOS X、 Solaris ,应该在主流的Unix平台上都支持Apache 1.3 和/或者 2.x。
- 0-i386 SP4/SP5/SP6a (应该可以于其他的服务包一起工作), Win2K and WinXP and Win98
- Linux、 FreeBSD、 AIX、 HP-UX、 MacOS X、 Solaris 应该在主流的支持Apache 1.3 和/或者 2.x的Unix平台上都工作
- WinNT 4.0-i386 SP4/SP5/SP6a (应该可以与其他的服务包一起工作), Win2K 和 WinXP 和 Win98
- Cygwin (需要你有apache服务器及autoconf/automake支持工具)
- Netware
- i5/OS V5R4 (System I) 中的 Apache HTTP Server 2.0.58。 确保已经安装了Apache PTF
- Tomcat 3.2 到 Tomcat 8.
- i5/OS V5R4 (System I) ,带有 Apache HTTP Server 2.0.58。 确保已经安装了最新的 Apache PTF
- Tomcat 3.2 到 Tomcat 8
The mod_jk 需要两个组件:
The mod\_jk 需要两个组件:
- **mod_jk.xxx** Apache HTTP服务器模块取决于你的操作系统它可能是mod_jk.so、mod_jk.nlm或者MOD_JK.SRVPGM。
- **workers.properties** - 描述主机以及处理器使用的端口Tomcat进程。在下载的源码内可以在conf目录下找到workers.properties文件。
- **mod\_jk.xxx** Apache HTTP服务器模块取决于你的操作系统它可能是mod\_jk.so、mod\_jk.nlm或者mod\_jk.SRVPGM。
- **workers.properties** - 描述Worker Tomcat进程所用的主机以及处理器使用的端口。在下载的源码的conf目录下找到示例的workers.properties文件。
和Apache HTTP服务器其他的模块一样mod_jk应该安装在你的Apache服务器下的模块目录下/usr/lib/apache你应该更新你的**httpd.conf**文件。
和Apache HTTP服务器其他的模块一样mod\_jk应该安装在你的Apache服务器下的模块目录下/usr/lib/apache而且你应该更新你的**httpd.conf**文件。
### 安装 ###
它需要非root用户在安装钱使用“sudo”特权。现在我们开始安装我们将使用下面的命令来安装Apache2和Tomcat
在开始安装前非root用户需要使用“sudo”特权。现在我们开始安装我们将使用下面的命令来安装Apache2和Tomcat
sudo apt-get install apache2
sudo apt-get install apache2
sudo apt-get install tomcat7
sudo apt-get install tomcat7-admin
下面在我们将会使用下面的命令来创建一个测试程序:
下面,我们将会使用如下的命令来创建一个测试程序:
cd /var/lib/tomcat7/webapps
sudo mkdir tomcat-demo
sudo mkdir tomcat-demo/goodmoring
sudo vim tomcat-demo/helloworld/index.jsp
粘贴下面的代码:
粘贴下面的代码到上述的 index.jsp
<HTML>
<HEAD>
@ -71,19 +69,19 @@ The mod_jk 需要两个组件:
</BODY>
</HTML>
一切完毕后我们将使用下面的命令安装和配置mod_jk:
一切完毕后我们将使用下面的命令安装和配置mod\_jk:
sudo apt-get install libapache2-mod-jk
我们使用下面的命令启用Tomcat的8443转发端口
我们需要使用下面的命令启用Tomcat的8443转发端口
sudo vim /etc/tomcat7/server.xml
我们将解除下面的注释行:
解除下面的注释行:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
之后,我们将用下面的命令Apache创建workers.properties文件
之后,我们将用下面的命令Apache创建workers.properties文件
sudo vim /etc/apache2/workers.properties
@ -123,7 +121,7 @@ The mod_jk 需要两个组件:
### 总结 ###
在本篇中我们展示了你该如何使用mod_jk连接器配置和安装Apache2以及Tomcat7。
在本篇中我们展示了你该如何使用mod\_jk连接器配置和安装Apache2以及Tomcat7。
--------------------------------------------------------------------------------
@ -131,7 +129,7 @@ via: http://www.unixmen.com/integrate-apache2-tomcat-7-using-mod_jk-connector/
作者:[anismaj][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

60
translated/tech/20150506 First Step Guide for Learning Shell Scripting.md → published/20150506 First Step Guide for Learning Shell Scripting.md
View File

@ -1,4 +1,4 @@
Shell脚本学习初次操作指南
Shell脚本编程初体验
================================================================================
![](http://blog.linoxide.com/wp-content/uploads/2015/04/myfirstshellscript.jpg)
@ -18,33 +18,33 @@ Linux世界中最为流行的shell脚本语言之一就是bash。而我认为
shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象成能帮你做事的那些人只要你用正确的方式来请求他们去做。比如说你想要写文档。首先你需要纸。然后你需要把内容说给某个人听让他帮你写。最后你想要把它存放到某个地方。或者说你想要造一所房子因而你需要请合适的人来清空场地。在他们说“事情干完了”那么另外一些工程师就可以帮你来砌墙。最后当这些工程师们也告诉你“事情干完了”的时候你就可以叫油漆工来给房子粉饰了。如果你让油漆工在墙砌好前就来粉饰会发生什么呢我想他们会开始发牢骚了。几乎所有这些像人一样的命令都会说话如果它们完成了工作而没有发生什么问题那么它们就会告诉“标准输出”。如果它们不能做你叫它们做的事——它们会告诉“标准错误”。这样最后所有的命令都通过“标准输入”来听你的话。
快速实例——当你打开linux终端并写一些文本时——你正通过“标准输入”和bash说话。那么让我们来问问bash shell **who am i**吧。
快速实例——当你打开linux终端并写一些文本时——你正通过“标准输入”和bash说话。那么让我们来问问bash shell **who am i(我是谁?)**吧。
root@localhost ~]# who am i <--- you speaking through the standard input to bash shell
root pts/0 2015-04-22 20:17 (192.168.1.123) <--- bash shell answering to you through the standard output
root@localhost ~]# who am i <--- 你通过标准输入对 bash shell
root pts/0 2015-04-22 20:17 (192.168.1.123) <--- bash shell通过标准输出回答你
现在让我们说一些bash听不懂的问题
[root@localhost ~]# blablabla <--- 你又在和标准输入说话了
-bash: blablabla: command not found <--- bash通过标准错误在发牢骚了
”之前的第一个单词通常是向你发牢骚的命令。实际上,这些流中的每一个都有它们自己的索引号:
:”之前的第一个单词通常是向你发牢骚的命令。实际上,这些流中的每一个都有它们自己的索引号LCTT 译注:文件句柄号)
- 标准输入(**stdin** - 0
- 标准输出(**stdout** - 1
- 标准错误(**stderr** - 2
如果你真的想要知道哪个输出命令说了些什么——你需要重定向(在命令后使用大于号“>”和流索引)那次发言到文件:
如果你真的想要知道哪个输出命令说了些什么——你需要将那次发言重定向(在命令后使用大于号“>”和流索引)文件:
[root@localhost ~]# blablabla 1> output.txt
-bash: blablabla: command not found
在本例中我们试着重定向1**stdout**到名为output.txt的文件。让我们来看对该文件内容所做的事情吧使用cat命令可以做这事
在本例中,我们试着重定向1**stdout**到名为output.txt的文件。让我们来看对该文件内容所做的事情吧使用cat命令可以做这事
[root@localhost ~]# cat output.txt
[root@localhost ~]#
看起来似乎是空的。好吧现在让我们来重定向2**stderr**
看起来似乎是空的。好吧,现在让我们来重定向2**stderr**
[root@localhost ~]# blablabla 2> error.txt
[root@localhost ~]#
@ -77,17 +77,17 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
rm: cannot remove `folder1': Is a directory
[root@localhost ~]#
正如我们所看到的,不同的流被分离到了不同的文件。有时候,这也不很方便,因为我们想要查看出现错误时,在某些操作前面或后面所连续发生的事情。要实现这一目的,我们可以重定向两个流到同一个文件:
正如我们所看到的,不同的流被分离到了不同的文件。有时候,这也不很方便,因为我们想要查看出现错误时,在某些操作前面或后面所连续发生的事情。要实现这一目的,我们可以重定向两个流到同一个文件:
command >>out_err.txt 2>>out_err.txt
注意:请注意,我使用“>>”替代了“>”。它允许我们附加到文件,而不是覆盖文件。
我们可以重定向一个流到另一个:
我们可以重定向一个流到另一个:
command >out_err.txt 2>&1
让我来解释一下吧。所有命令的标准输出将被重定向到out_err.txt错误输出将被重定向到1-st流(上面已经解释过了),而该流会被重定向到同一个文件。让我们看这个实例:
让我来解释一下吧。所有命令的标准输出将被重定向到out_err.txt错误输出将被重定向到1上面已经解释过了而该流会被重定向到同一个文件。让我们看这个实例
[root@localhost ~]# rm -fv folder2 file2 >out_err.txt 2>&1
[root@localhost ~]# cat out_err.txt
@ -127,7 +127,7 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
如果你打算grep一些双引号引起来带有空格的内容呢
注意: fdisk命令显示关于Linux操作系统磁盘驱动器的信息
注意fdisk命令显示关于Linux操作系统磁盘驱动器的信息
就像我们看到的,这种方式很不方便,因为我们不一会儿就把临时文件空间给搞乱了。要完成该任务,我们可以使用管道。它们允许我们重定向一个命令的**stdout**到另一个命令的**stdin**流:
@ -147,11 +147,11 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
正如我们所知道的通常与shell的交流以及shell内的交流是以对话的方式进行的。因此让我们创建一些真正的脚本吧这些脚本也会和我们讲话。这会让你学到一些简单的命令并对脚本的概念有一个更好的理解。
假设我们是某个公司的总服务台经理我们想要创建某个shell脚本来注册呼叫信息电话号码、用户名以及问题的简要描述。我们打算把这些信息存储到普通文本文件data.txt中以便今后统计。脚本它自己就是以对话的方式工作这会让总服务台的工作人员的小日子过得轻松点。那么首先我们需要显示问题。对于现实信息我们可以用echo和printf命令。这两个都是用来显示信息的但是printf更为强大因为我们可以通过它很好地格式化输出我们可以让它右对齐、左对齐或者为信息留出专门的空间。让我们从一个简单的例子开始吧。要创建文件请使用你喜欢的文本编辑器katenanovi……然后创建名为note.sh的文件里面写入这些命令
假设我们是某个公司的总服务台经理我们想要创建某个shell脚本来注册呼叫信息电话号码、用户名以及问题的简要描述。我们打算把这些信息存储到普通文本文件data.txt中以便今后统计。脚本它自己就是以对话的方式工作这会让总服务台的工作人员的小日子过得轻松点。那么首先我们需要显示提问。对于显示信息我们可以用echo和printf命令。这两个都是用来显示信息的但是printf更为强大因为我们可以通过它很好地格式化输出我们可以让它右对齐、左对齐或者为信息留出专门的空间。让我们从一个简单的例子开始吧。要创建文件请使用你惯用的文本编辑器katenanovi……然后创建名为note.sh的文件里面写入这些命令
echo "Phone number ?"
### Script执行 ###
### 如何运行/执行脚本? ###
在保存文件后我们可以使用bash命令来运行把我们的文件作为它的参数
@ -176,7 +176,7 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
[root@localhost ~]# ./note.sh
Phone number ?
在脚本名前,我添加了./组合。.(点在unix世界中意味着当前位置当前文件夹/斜线是文件夹分隔符。在Windows系统中我们使用\(反斜线)实现同样功能所以这整个组合的意思是说“从当前文件夹执行note.sh脚本”。我想如果我用完整路径来运行这个脚本的话你会更加清楚一些
在脚本名前,我添加了 ./ 组合。.(点在unix世界中意味着当前位置当前文件夹/斜线是文件夹分隔符。在Windows系统中我们使用反斜线 \ 表示同样功能所以这整个组合的意思是说“从当前文件夹执行note.sh脚本”。我想如果我用完整路径来运行这个脚本的话你会更加清楚一些
[root@localhost ~]# /root/note.sh
Phone number ?
@ -184,7 +184,7 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
它也能工作。
如果所有linux用户都有相同的默认shell那就万事OK。如果我们只是执行该脚本默认的用户shell就会用于解析脚本内容并运行命令。不同的shell有着一丁点不同的语法、内部命令等等,所以,为了保证我们的脚本会使用**bash**,我们应该添加**#!/bin/bash**到文件首行。这样默认的用户shell将调用**/bin/bash**,而只有在那时候,脚本中的命令才会被执行:
如果所有linux用户都有相同的默认shell那就万事OK。如果我们只是执行该脚本默认的用户shell就会用于解析脚本内容并运行命令。不同的shell的语法、内部命令等等有着一丁点不同,所以,为了保证我们的脚本会使用**bash**,我们应该添加**#!/bin/bash**到文件首行。这样默认的用户shell将调用**/bin/bash**,而只有在那时候,脚本中的命令才会被执行:
[root@localhost ~]# cat note.sh
#!/bin/bash
@ -194,13 +194,13 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
### 读取输入 ###
现实信息后,脚本会等待用户回答。那儿有个**read**命令用来接收用户的回答:
显示信息后,脚本会等待用户回答。有个**read**命令用来接收用户的回答:
#!/bin/bash
echo "Phone number ?"
read phone
在执行后,脚本会等待用户输入,直到用户按[ENTER]键:
在执行后,脚本会等待用户输入,直到用户按[ENTER]键结束输入
[root@localhost ~]# ./note.sh
Phone number ?
@ -220,7 +220,7 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
You have entered 123456 as a phone number
[root@localhost ~]#
在**bash** shell中我们使用**$**(美元)符号作为变量标示,除了读入到变量和其它为数不多的时候(将在今后说明)。
在**bash** shell中一般我们使用**$**(美元)符号来表明这是一个变量,除了读入到变量和其它为数不多的时候才不用这个$(将在今后说明)。
好了,现在我们准备添加剩下的问题了:
@ -244,7 +244,7 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
太完美了剩下来就是重定向所有东西到文件data.txt了。作为字段分隔符我们将使用/(斜线)符号。
**注意** 你可以选择任何你认为是最好,但是确保文件内容不会包含这些符号在内它会导致在文本行中产生额外字段。
**注意** 你可以选择任何你认为是最好的分隔符,但是确保文件内容不会包含这些符号在内,否则它会导致在文本行中产生额外字段。
别忘了使用“>>”来代替“>”,因为我们想要将输出内容附加到文件末!
@ -262,7 +262,7 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
987/Jimmy/Keybord issue.
[root@localhost ~]#
**注意** **tail**命令显示了文件的最后**-n**行。
**注意** **tail**命令显示了文件的最后**n**行。
搞定。让我们再来运行一次看看:
@ -285,7 +285,7 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
[root@localhost ~]# date "+%Y.%m.%d %H:%M:%S"
2015.04.23 21:33:18 <---- 格式化后的输出
有几种方式可以读取命令输出到变脸,在这种简单的情况下,我们将使用`(反引号):
有几种方式可以读取命令的输出到变量,在这种简单的情况下,我们将使用`反引号,不是单引号,和波浪号~在同一个键位
[root@localhost ~]# cat note.sh
#!/bin/bash
@ -320,7 +320,7 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
你可以直接从控制台查找到各个命令的大量有趣的信息,只需输入:**man read, man echo, man date, man ……**
同意吗?它看上去是多了!
同意吗?它看上去是舒服多了!
[root@localhost ~]# ./note.sh
Phone number: 321
@ -331,9 +331,9 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
2015.04.23 21:43:50/321/Susane/Mouse was stolen
[root@localhost ~]#
光标在消息的后面(不是在新的一行中),这有点意思。
光标在消息的后面(不是在新的一行中),这有点意思。LCTT 译注:如果用 echo 命令输出显示的话,可以用 -n 参数来避免换行。)
循环
### 循环 ###
是时候来改进我们的脚本了。如果用户一整天都在接电话,如果每次都要去运行,这岂不是很麻烦?让我们让这些活动都永无止境地循环去吧:
@ -348,7 +348,7 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
echo "$now/$phone/$name/$issue">>data.txt
done
我已经交换了**read phone**和**now=`date`**行。这是因为我想要在输入电话号码后再获得时间。如果我把它放在循环**- the**的首行变量就会在数据存储到文件中后获得时间。而这并不好因为下一次呼叫可能在20分钟后甚至更晚。
我已经交换了**read phone**和**now=`date`**行的位置。这是因为我想要在输入电话号码后再获得时间。如果我把它放在循环的首行,那么循环一次后,变量 now 就会在数据存储到文件中后马上获得时间。而这并不好因为下一次呼叫可能在20分钟后甚至更晚。
[root@localhost ~]# ./note.sh
Phone number: 123
@ -365,11 +365,11 @@ shell脚本语言就跟和几个人聊天类似。你只需把所有命令想象
2015.04.23 21:48:16/777/Daniel/I broke my monitor
[root@localhost ~]#
注意: 要从无限循环中退出,你可以按[Ctrl]+[C]键。Shell会显示^表示Ctrl键。
注意: 要从无限循环中退出,你可以按[Ctrl]+[C]键。Shell会显示\^表示Ctrl键。
### 使用管道重定向 ###
让我们添加更多功能到我们的“弗兰肯斯坦”我想要脚本在每次呼叫后显示某个统计数据。比如说我想要查看各个号码呼叫了我几次。对于这个我们应该cat文件data.txt
让我们添加更多功能到我们的“弗兰肯斯坦Frankenstein我想要脚本在每次呼叫后显示某个统计数据。比如说我想要查看各个号码呼叫了我几次。对于这个我们应该cat文件data.txt
[root@localhost ~]# cat data.txt
2015.04.23 21:38:56/123/Jim/Script hanging.
@ -453,7 +453,7 @@ via: http://linoxide.com/linux-shell-script/guide-start-learning-shell-scripting
作者:[Petras Liumparas][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

12
translated/news/20150604 Ubuntu's Juju Now Supports systemd and Google Cloud Platform.md → published/20150604 Ubuntu's Juju Now Supports systemd and Google Cloud Platform.md
View File

@ -2,15 +2,15 @@ Ubuntu下的Juju现在支持systemd和Google Cloud Platform了
================================================================================
> Juju已经更新到1.23.3了
**Cononical旗下的Ubuntu认证公共云总监Udi Nachmany宣布了juju新版本的发布一个开源的、解决方案驱动的Ubuntu下的协同工具。**
**Cononical旗下的Ubuntu认证公共云总监Udi Nachmany宣布了juju新版本的发布一个开源的、解决方案驱动的Ubuntu下的协同工具。**
根据[声明][1]和官方[发布公告][2]Juju 1.23.3是一个非常主流的版本,它打包了那些你想要在云上扩展和管理的包,而没有太多的麻烦
根据[声明][1]和官方[发布公告][2]Juju 1.23.3是一个主要版本,它打包了那些你想要在云上扩展和管理的包,而不需太多操作
Juju 1.23.3显著的功能是包含了对GCE的支持支持systemd初始化系统支持Ubuntu 15.04(Vivid Vervet),新的好玩的功能和对受限网络的支持。
Juju 1.23.3显著的功能是包含了对GCE的支持支持systemd初始化系统支持Ubuntu 15.04(Vivid Vervet),新的好玩的功能和对受限网络的代理支持。
另外juju的发布带来了一个新的恢复、新的消息、新的块和实验性地支持Service Leader Elections还有Ubuntu MAS和AWS上的可寻址的LXC和KVM。
另外juju的发布带来了一个新的样式恢复、新的消息、新的块和实验性地支持Service Leader Elections还有Ubuntu MAS和AWS上的LXC容器和KVM实例
Udi Nachmany说“在一个相关告示中如果你正在使用Google云平台你可能已经注意到了Google最近发布了云启动器。如果你密切关注,你同样注意到你说可以使用这个非常友好的UI来启动你的Ubuntu虚拟机。”
Udi Nachmany说“在一个相关告示中如果你正在使用Google云平台你可能已经注意到了Google最近发布了云启动器。如果你观察的足够仔细,你也会注意到你可以使用这个非常友好的UI来启动你的Ubuntu虚拟机。”
![](http://i1-news.softpedia-static.com/images/news2/Ubuntu-s-Juju-Now-Supports-systemd-and-Google-Cloud-Platform-483279-2.jpg)
@ -20,7 +20,7 @@ via: http://linux.softpedia.com/blog/Ubuntu-s-Juju-Now-Supports-systemd-and-Goog
作者:[Marius Nestor][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出

221
sources/share/20141013 Compact Text Editors Great for Remote Editing and Much More.md
View File

@ -1,221 +0,0 @@
translating by wwy-hust
Compact Text Editors Great for Remote Editing and Much More
================================================================================
A text editor is software used for editing plain text files. This type of software has many different uses including modifying configuration files, writing programming language source code, jotting down thoughts, or even making a grocery list. Given that editors can be used for such a diverse range of activities, it is worth spending the time finding an editor that best suites your preferences.
Whatever the level of sophistication of the editor, they typically have a common set of functionality, such as searching/replacing text, formatting text, importing files, as well as moving text within the file.
All of these text editors are console based applications which make them ideal for editing files on remote machines. Textadept also provides a graphical user interface, but remains fast and minimalist.
Console based applications are also light on system resources (very useful on low spec machines), can be faster and more efficient than their graphical counterparts, they do not stop working when X needs to be restarted, and are great for scripting purposes.
I have selected my favorite open source text editors that are frugal on system resources.
----------
### Textadept ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-Textadept.png)
Textadept is a fast, minimalist, and extensible cross-platform open source text editor for programmers. This open source application is written in a mixture of C and Lua and has been optimized for speed and minimalism over the years.
Textadept is an ideal editor for programmers who want endless extensibility options without sacrificing speed or succumbing to code bloat and featuritis.
There is also a version available for the terminal, which only depends on ncurses; great for editing on remote machines.
#### Features include: ####
- Lightweight
- Minimal design maximizes screen real estate
- Self-contained executable no installation necessary
- Entirely keyboard driven
- Unlimited split views (GUI version) split the editor window as many times as you like either horizontally or vertically. Please note that Textadept is not a tabbed editor
- Support for over 80 programming languages
- Powerful snippets and key commands
- Code autocompletion and API lookup
- Unparalleled extensibility
- Bookmarks
- Find and Replace
- Find in Files
- Buffer-based word completion
- Adeptsense autocomplete symbols for programming languages and display API documentation
- Themes: light, dark, and term
- Uses lexers to assign names to buffer elements like comments, strings, and keywords
- Sessions
- Snapopen
- Available modules include support for Java, Python, Ruby and recent file lists
- Conforms with the Gnome HIG Human Interface Guidelines
- Modules include support for Java, Python, Ruby and recent file lists
- Support for editing Lua code. Syntax autocomplete and LuaDoc is available for many Textadept objects as well as Luas standard libraries
- Website: [foicica.com/textadept][1]
- Developer: Mitchell and contributors
- License: MIT License
- Version Number: 7.7
----------
### Vim ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-vim.png)
Vim is an advanced text editor that seeks to provide the power of the editor 'Vi', with a more complete feature set.
This editor is very useful for editing programs and other plain ASCII files. All commands are given with normal keyboard characters, so those who can type with ten fingers can work very fast. Additionally, function keys can be defined by the user, and the mouse can be used.
Vim is often called a "programmer's editor," and is so useful for programming that many consider it to be an entire Integrated Development Environment. However, this application is not only intended for programmers. Vim is highly regarded for all kinds of text editing, from composing email to editing configuration files.
Vim's interface is based on commands given in a text user interface. Although its graphical user interface, gVim, adds menus and toolbars for commonly used commands, the software's entire functionality is still reliant on its command line mode.
#### Features include: ####
- 3 modes:
- - Command mode
- - Insert mode
- - Command line mode
- Unlimited undo
- Multiple windows and buffers
- Flexible insert mode
- Syntax highlighting highlight portions of the buffer in different colors or styles, based on the type of file being edited
- Interactive commands
- - Marking a line
- - vi line buffers
- - Shift a block of code
- Block operators
- Command line history
- Extended regular expressions
- Edit compressed/archive files (gzip, bzip2, zip, tar)
- Filename completion
- Block operations
- Jump tags
- Folding text
- Indenting
- ctags and cscope intergration
- 100% vi compatibility mode
- Plugins to add/extend functionality
- Macros
- vimscript, Vim's internal scripting language
- Unicode support
- Multi-language support
- Integrated On-line help
- Website: [www.vim.org][2]
- Developer: Bram Moolenaar
- License: GNU GPL compatible (charityware)
- Version Number: 7.4
----------
### ne ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-ne.png)
ne is a full screen open source text editor. It is intended to be an easier to learn alternative to vi, yet still portable across POSIX-compliant operating systems.
ne is easy to use for the beginner, but powerful and fully configurable for the wizard, and most sparing in its resource usage.
#### Features include: ####
- Three user interfaces: control keystrokes, command line, and menus; keystrokes and menus are completely configurable
- Syntax highlighting
- Full support for UTF-8 files, including multiple-column characters
- The number of documents and clips, the dimensions of the display, and the file/line lengths are limited only by the integer size of the machine
- Simple scripting language where scripts can be generated via an idiotproof record/play method
- Unlimited undo/redo capability (can be disabled with a command)
- Automatic preferences system based on the extension of the file name being edited
- Automatic completion of prefixes using words in your documents as dictionary
- File requester with completion features for easy file retrieval;
- Extended regular expression search and replace à la emacs and vi
- A very compact memory model easily load and modify very large files
- Editing of binary files
- Website: [ne.di.unimi.it][3]
- Developer: Sebastiano Vigna (original developer). Additional features added by Todd M. Lewis
- License: GNU GPL v3
- Version Number: 2.5
----------
### Zile ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-Zile.png)
Zile Is Lossy Emacs (Zile) is a small Emacs clone. Zile is a customizable, self-documenting real-time display editor. Zile was written to be as similar as possible to Emacs; every Emacs user should feel comfortable with Zile.
Zile is distinguished by a very small RAM memory footprint, of approximately 130kB, and quick editing sessions. It is 8-bit clean, allowing it to be used on any sort of file.
#### Features include: ####
- Small but fast and powerful
- Multi buffer editing with multi level undo
- Multi window
- Killing, yanking and registers
- Minibuffer completion
- Auto fill (word wrap)
- Registers
- Looks like Emacs. Key sequences, function and variable names are identical with Emacs's
- Killing
- Yanking
- Auto line ending detection
- Website: [www.gnu.org/software/zile][4]
- Developer: Reuben Thomas, Sandro Sigala, David A. Capello
- License: GNU GPL v2
- Version Number: 2.4.11
----------
### nano ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-nano.png)
nano is a curses-based text editor. It is a clone of Pico, the editor of the Pine email client.
The nano project was started in 1999 due to licensing issues with the Pine suite (Pine was not distributed under a free software license), and also because Pico lacked some essential features.
nano aims to emulate the functionality and easy-to-use interface of Pico, while offering additional functionality, but without the tight mailer integration of the Pine/Pico package.
nano, like Pico, is keyboard-oriented, controlled with control keys.
#### Features include: ####
- Interactive search and replace
- Color syntax highlighting
- Go to line and column number
- Auto-indentation
- Feature toggles
- UTF-8 support
- Mixed file format auto-conversion
- Verbatim input mode
- Multiple file buffers
- Smooth scrolling
- Bracket matching
- Customizable quoting string
- Backup files
- Internationalization support
- Filename tab completion
- Website: [nano-editor.org][5]
- Developer: Chris Allegretta, David Lawrence, Jordi Mallach, Adam Rogoyski, Robert Siemborski, Rocco Corsi, David Benbennick, Mike Frysinger
- License: GNU GPL v3
- Version Number: 2.2.6
--------------------------------------------------------------------------------
via: http://www.linuxlinks.com/article/20141011073917230/TextEditors.html
作者Frazer Kline
译者:[runningwater](https://github.com/runningwater)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://foicica.com/textadept/
[2]:http://www.vim.org/
[3]:http://ne.di.unimi.it/
[4]:http://www.gnu.org/software/zile/
[5]:http://nano-editor.org/

4
sources/tech/20150209 How to access Feedly RSS feed from the command line on Linux.md
View File

@ -1,3 +1,5 @@
translating by chenzhijun
How to access Feedly RSS feed from the command line on Linux
================================================================================
In case you didn't know, [Feedly][1] is one of the most popular online news aggregation services. It offers seamlessly unified news reading experience across desktops, Android and iOS devices via browser extensions and mobile apps. Feedly took on the demise of Google Reader in 2013, quickly gaining a lot of then Google Reader users. I was one of them, and Feedly has remained my default RSS reader since then.
@ -103,4 +105,4 @@ via: http://xmodulo.com/feedly-rss-feed-command-line-linux.html
[a]:http://xmodulo.com/author/nanni
[1]:https://feedly.com/
[2]:https://github.com/Jarkore/Feednix
[3]:https://aur.archlinux.org/packages/feednix/
[3]:https://aur.archlinux.org/packages/feednix/

1
sources/tech/20150504 How to access a Linux server behind NAT via reverse SSH tunnel.md
View File

@ -1,3 +1,4 @@
2q1w2007申领
How to access a Linux server behind NAT via reverse SSH tunnel
================================================================================
You are running a Linux server at home, which is behind a NAT router or restrictive firewall. Now you want to SSH to the home server while you are away from home. How would you set that up? SSH port forwarding will certainly be an option. However, port forwarding can become tricky if you are dealing with multiple nested NAT environment. Besides, it can be interfered with under various ISP-specific conditions, such as restrictive ISP firewalls which block forwarded ports, or carrier-grade NAT which shares IPv4 addresses among users.

181
sources/tech/20150515 Install 'Tails 1.4′ Linux Operating System to Preserve Privacy and Anonymity.md
View File

@ -1,181 +0,0 @@
FSSlc translating
Install Tails 1.4 Linux Operating System to Preserve Privacy and Anonymity
================================================================================
In this Internet world and the world of Internet we perform most of our task online be it Ticket booking, Money transfer, Studies, Business, Entertainment, Social Networking and what not. We spend a major part of our time online daily. It has been getting hard to remain anonymous with each passing day specially when backdoors are being planted by organizations like NSA (National Security Agency) who are putting their nose in between every thing that we come across online. We have least or no privacy online. All the searches are logged upon the basis of user Internet surfing activity and machine activity.
A wonderful browser from Tor project is used by millions which help us surfing the web anonymously however it is not difficult to trace your browsing habits and hence tor alone is not the guarantee of your safety online. You may like to check Tor features and installation instructions here:
- [Anonymous Web Browsing using Tor][1]
There is a operating system named Tails by Tor Projects. Tails (The Amnesic Incognito Live System) is a live operating system, based on Debian Linux distribution, which mainly focused on preserving privacy and anonymity on the web while browsing internet, means all its outgoing connection are forced to pass through the Tor and direct (non-anonymous) requests are blocked. The system is designed to run from any boot-able media be it USB stick or DVD.
The latest stable release of Tails OS is 1.4 which was released on May 12, 2015. Powered by open source Monolithic Linux Kernel and built on top of Debian GNU/Linux Tails aims at Personal Computer Market and includes GNOME 3 as default user Interface.
#### Features of Tails OS 1.4 ####
- Tails is a free operating system, free as in beer and free as in speech.
- Built on top of Debian/GNU Linux. The most widely used OS that is Universal.
- Security Focused Distribution.
- Windows 8 camouflage.
- Need not to be installed and browse Internet anonymously using Live Tails CD/DVD.
- Leave no trace on the computer, while tails is running.
- Advanced cryptographic tools used to encrypt everything that concerns viz., files, emails, etc.
- Sends and Receive traffic through tor network.
- In true sense it provides privacy for anyone, anywhere.
- Comes with several applications ready to be used from Live Environment.
- All the softwares comes per-configured to connect to INTERNET only through Tor network.
- Any application that tries to connect to Internet without Tor Network is blocked, automatically.
- Restricts someone who is watching what sites you visit and restricts sites to learn your geographical location.
- Connect to websites that are blocked and/or censored.
- Designed specially not to use space used by parent OS even when there is free swap space.
- The whole OS loads on RAM and is flushed when we reboot/shutdown. Hence no trace of running.
- Advanced security implementation by encrypting USB disk, HTTPS ans Encrypt and sign emails and documents.
#### What can you expect in Tails 1.4 ####
- Tor Browser 4.5 with a security Slider.
- Tor Upgraded to version 0.2.6.7.
- Several Security holes fixed.
- Many of the bug fixed and patches applied to Applications like curl, OpenJDK 7, tor Network, openldap, etc.
To get a complete list of change logs you may visit [HERE][2]
**Note**: It is strongly recommended to upgrade to Tails 1.4, if youre using any older version of Tails.
#### Why should I use Tails Operating System ####
You need Tails because you need:
- Freedom from network surveillance
- Defend freedom, privacy and confidentiality
- Security aka traffic analysis
This tutorial will walk through the installation of Tails 1.4 OS with a short review.
### Tails 1.4 Installation Guide ###
1. To download the latest Tails OS 1.4, you may use wget command to download directly.
$ wget http://dl.amnesia.boum.org/tails/stable/tails-i386-1.4/tails-i386-1.4.iso
Alternatively you may download Tails 1.4 Direct ISO image or use a Torrent Client to pull the iso image file for you. Here is the link to both downloads:
- [tails-i386-1.4.iso][3]
- [tails-i386-1.4.torrent][4]
2. After downloading, verify ISO Integrity by matching SHA256 checksum with the SHA256SUM provided on the official website..
$ sha256sum tails-i386-1.4.iso
339c8712768c831e59c4b1523002b83ccb98a4fe62f6a221fee3a15e779ca65d
If you are interested in knowing OpenPGP, checking Tails signing key against Debian keyring and anything related to Tails cryptographic signature, you may like to point your browser [HERE][5].
3. Next you need to write the image to USB stick or DVD ROM. You may like to check the article, [How to Create Live Bootable USB][6] for details on how to make a flash drive bootable and write ISO to it.
4. Insert the Tails OS Bootable flash drive or DVD ROM in the disk and boot from it (select from BIOS to boot). The first screen two options to select from Live and Live (failsafe). Select Live and press Enter.
![Tails Boot Menu](http://www.tecmint.com/wp-content/uploads/2015/05/1.png)
Tails Boot Menu
5. Just before login. You have two options. Click More Options if you want to configure and set advanced options else click No.
![Tails Welcome Screen](http://www.tecmint.com/wp-content/uploads/2015/05/2.png)
Tails Welcome Screen
6. After clicking Advanced option, you need to setup root password. This is important if you want to upgrade it. This root password is valid till you shutdown/reboot the machine.
Also you may enable Windows Camouflage, if you want to run this OS on a public place, so that it seems as you are running Windows 8 operating system. Good option indeed! Is not it? Also you have a option to configure Network and Mac Address. Click Login when done!.
![Tails OS Configuration](http://www.tecmint.com/wp-content/uploads/2015/05/3.png)
Tails OS Configuration
7. This is Tails GNU/Linux OS camouflaged by Windows Skin.
![Tails Windows Look](http://www.tecmint.com/wp-content/uploads/2015/05/4.jpg)
Tails Windows Look
8. It will start Tor Network in the background. Check the Notification on the top-right corner of the screen Tor is Ready / You are now connected to the Internet.
Also check what it contains under Internet Menu. Notice It has Tor Browser (safe) and Unsafe Web Browser (Where incoming and outgoing data dont pass through TOR Network) along with other applications.
![Tails Menu and Tools](http://www.tecmint.com/wp-content/uploads/2015/05/5.jpg)
Tails Menu and Tools
9. Click Tor and check your IP Address. It confirms my physical location is not shared and my privacy is intact.
![Check Privacy on Tails](http://www.tecmint.com/wp-content/uploads/2015/05/6.jpg)
Check Privacy on Tails
10. You may Invoke Tails Installer to clone & Install, Clone & Upgrade and Upgrade from ISO.
![Tails Installer Options](http://www.tecmint.com/wp-content/uploads/2015/05/7.jpg)
Tails Installer Options
11. The other option was to select Tor without any advanced option, just before login (Check step #5 above).
![Tails Without Advance Option](http://www.tecmint.com/wp-content/uploads/2015/05/8.png)
Tails Without Advance Option
12. You will get log-in to Gnome3 Desktop Environment.
![Tails Gnome Desktop](http://www.tecmint.com/wp-content/uploads/2015/05/9.png)
Tails Gnome Desktop
13. If you click to Launch Unsafe browser in Camouflage or without Camouflage, you will be notified.
![Tails Browsing Notification](http://www.tecmint.com/wp-content/uploads/2015/05/10.png)
Tails Browsing Notification
If you do, this is what you get in a Browser.
![Tails Browsing Alert](http://www.tecmint.com/wp-content/uploads/2015/05/11.png)
Tails Browsing Alert
#### Is Tails for me? ####
To get the above question answered, first answer a few question.
- Do you need your privacy to be intact while you are online?
- Do you want to remain hidden from Identity thieves?
- Do you want somebody to put your nose in between your private chat online?
- Do you really want to show your geographical location to anybody there?
- Do you carry out banking transactions online?
- Are you happy with the censorship by government and ISP?
If the answer to any of the above question is YES you preferably need Tails. If answer to all the above question is NO you perhaps dont need it.
To know more about Tails? Point your browser to user Documentation : [https://tails.boum.org/doc/index.en.html][7]
### Conclusion ###
Tails is an OS which is must for those who work in an unsafe environment. An OS focused on security yet contains bundles of Application Gnome Desktop, Tor, Firefox (Iceweasel), Network Manager, Pidgin, Claws mail, Liferea feed addregator, Gobby, Aircrack-ng, I2P.
It also contain several tools for Encryption and Privacy Under the Hood, viz., LUKS, GNUPG, PWGen, Shamirs Secret Sharing, Virtual Keyboard (against Hardware Keylogging), MAT, KeePassX Password Manager, etc.
Thats all for now. Keep Connected to Tecmint. Share your thoughts on Tails GNU/Linux Operating System. What do you think about the future of the Project? Also test it Locally and let us know your experience.
You may run it in [Virtualbox][8] as well. Remember Tails loads the whole OS in RAM hence give enough RAM to run Tails in VM.
I tested in 1GB Environment and it worked without lagging. Thanks to all our readers for their Support. In making Tecmint a one place for all Linux related stuffs your co-operation is needed. Kudos!
--------------------------------------------------------------------------------
via: http://www.tecmint.com/install-tails-1-4-linux-operating-system-to-preserve-privacy-and-anonymity/
作者:[Avishek Kumar][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/avishek/
[1]:http://www.tecmint.com/tor-browser-for-anonymous-web-browsing/
[2]:https://tails.boum.org/news/version_1.4/index.en.html
[3]:http://dl.amnesia.boum.org/tails/stable/tails-i386-1.4/tails-i386-1.4.iso
[4]:https://tails.boum.org/torrents/files/tails-i386-1.4.torrent
[5]:https://tails.boum.org/download/index.en.html#verify
[6]:http://www.tecmint.com/install-linux-from-usb-device/
[7]:https://tails.boum.org/doc/index.en.html
[8]:http://www.tecmint.com/install-virtualbox-on-redhat-centos-fedora/

4
sources/tech/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md
View File

@ -1,3 +1,5 @@
translating by wwy-hust
Nishita Agarwal Shares Her Interview Experience on Linux iptables Firewall
================================================================================
Nishita Agarwal, a frequent Tecmint Visitor shared her experience (Question and Answer) with us regarding the job interview she had just given in a privately owned hosting company in Pune, India. She was asked a lot of questions on a variety of topics however she is an expert in iptables and she wanted to share those questions and their answer (she gave) related to iptables to others who may be going to give interview in near future.
@ -204,4 +206,4 @@ via: http://www.tecmint.com/linux-firewall-iptables-interview-questions-and-answ
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/avishek/
[1]:http://www.tecmint.com/install-webmin-web-based-system-administration-tool-for-rhel-centos-fedora/
[1]:http://www.tecmint.com/install-webmin-web-based-system-administration-tool-for-rhel-centos-fedora/

313
sources/tech/RHCSA Series/RHCSA Series--Part 01--Reviewing Essential Commands and System Documentation.md Normal file
View File

@ -0,0 +1,313 @@
RHCSA Series: Reviewing Essential Commands & System Documentation Part 1
================================================================================
RHCSA (Red Hat Certified System Administrator) is a certification exam from Red Hat company, which provides an open source operating system and software to the enterprise community, It also provides support, training and consulting services for the organizations.
![RHCSA Exam Guide](http://www.tecmint.com/wp-content/uploads/2015/02/RHCSA-Series-by-Tecmint.png)
RHCSA Exam Preparation Guide
RHCSA exam is the certification obtained from Red Hat Inc, after passing the exam (codename EX200). RHCSA exam is an upgrade to the RHCT (Red Hat Certified Technician) exam, and this upgrade is compulsory as the Red Hat Enterprise Linux was upgraded. The main variation between RHCT and RHCSA is that RHCT exam based on RHEL 5, whereas RHCSA certification is based on RHEL 6 and 7, the courseware of these two certifications are also vary to a certain level.
This Red Hat Certified System Administrator (RHCSA) is essential to perform the following core system administration tasks needed in Red Hat Enterprise Linux environments:
- Understand and use necessary tools for handling files, directories, command-environments line, and system-wide / packages documentation.
- Operate running systems, even in different run levels, identify and control processes, start and stop virtual machines.
- Set up local storage using partitions and logical volumes.
- Create and configure local and network file systems and its attributes (permissions, encryption, and ACLs).
- Setup, configure, and control systems, including installing, updating and removing software.
- Manage system users and groups, along with use of a centralized LDAP directory for authentication.
- Ensure system security, including basic firewall and SELinux configuration.
To view fees and register for an exam in your country, check the [RHCSA Certification page][1].
To view fees and register for an exam in your country, check the RHCSA Certification page.
In this 15-article RHCSA series, titled Preparation for the RHCSA (Red Hat Certified System Administrator) exam, we will going to cover the following topics on the latest releases of Red Hat Enterprise Linux 7.
- Part 1: Reviewing Essential Commands & System Documentation
- Part 2: How to Perform File and Directory Management in RHEL 7
- Part 3: How to Manage Users and Groups in RHEL 7
- Part 4: Editing Text Files with Nano and Vim / Analyzing text with grep and regexps
- Part 5: Process Management in RHEL 7: boot, shutdown, and everything in between
- Part 6: Using Parted and SSM to Configure and Encrypt System Storage
- Part 7: Using ACLs (Access Control Lists) and Mounting Samba / NFS Shares
- Part 8: Securing SSH, Setting Hostname and Enabling Network Services
- Part 9: Installing, Configuring and Securing a Web and FTP Server
- Part 10: Yum Package Management, Automating Tasks with Cron and Monitoring System Logs
- Part 11: Firewall Essentials and Control Network Traffic Using FirewallD and Iptables
- Part 12: Automate RHEL 7 Installations Using Kickstart
- Part 13: RHEL 7: What is SELinux and how it works?
- Part 14: Use LDAP-based authentication in RHEL 7
- Part 15: Virtualization in RHEL 7: KVM and Virtual machine management
In this Part 1 of the RHCSA series, we will explain how to enter and execute commands with the correct syntax in a shell prompt or terminal, and explained how to find, inspect, and use system documentation.
![RHCSA: Reviewing Essential Linux Commands Part 1](http://www.tecmint.com/wp-content/uploads/2015/02/Reviewing-Essential-Linux-Commands.png)
RHCSA: Reviewing Essential Linux Commands Part 1
#### Prerequisites: ####
At least a slight degree of familiarity with basic Linux commands such as:
- [cd command][2] (change directory)
- [ls command][3] (list directory)
- [cp command][4] (copy files)
- [mv command][5] (move or rename files)
- [touch command][6] (create empty files or update the timestamp of existing ones)
- rm command (delete files)
- mkdir command (make directory)
The correct usage of some of them are anyway exemplified in this article, and you can find further information about each of them using the suggested methods in this article.
Though not strictly required to start, as we will be discussing general commands and methods for information search in a Linux system, you should try to install RHEL 7 as explained in the following article. It will make things easier down the road.
- [Red Hat Enterprise Linux (RHEL) 7 Installation Guide][7]
### Interacting with the Linux Shell ###
If we log into a Linux box using a text-mode login screen, chances are we will be dropped directly into our default shell. On the other hand, if we login using a graphical user interface (GUI), we will have to open a shell manually by starting a terminal. Either way, we will be presented with the user prompt and we can start typing and executing commands (a command is executed by pressing the Enter key after we have typed it).
Commands are composed of two parts:
- the name of the command itself, and
- arguments
Certain arguments, called options (usually preceded by a hyphen), alter the behavior of the command in a particular way while other arguments specify the objects upon which the command operates.
The type command can help us identify whether another certain command is built into the shell or if it is provided by a separate package. The need to make this distinction lies in the place where we will find more information about the command. For shell built-ins we need to look in the shells man page, whereas for other binaries we can refer to its own man page.
![Check Shell built in Commands](http://www.tecmint.com/wp-content/uploads/2015/02/Check-shell-built-in-Commands.png)
Check Shell built in Commands
In the examples above, cd and type are shell built-ins, while top and less are binaries external to the shell itself (in this case, the location of the command executable is returned by type).
Other well-known shell built-ins include:
- [echo command][8]: Displays strings of text.
- [pwd command][9]: Prints the current working directory.
![More Built in Shell Commands](http://www.tecmint.com/wp-content/uploads/2015/02/More-Built-in-Shell-Commands.png)
More Built in Shell Commands
**exec command**
Runs an external program that we specify. Note that in most cases, this is better accomplished by just typing the name of the program we want to run, but the exec command has one special feature: rather than create a new process that runs alongside the shell, the new process replaces the shell, as can verified by subsequent.
# ps -ef | grep [original PID of the shell process]
When the new process terminates, the shell terminates with it. Run exec top and then hit the q key to quit top. You will notice that the shell session ends when you do, as shown in the following screencast:
youtube视频
<iframe width="640" height="405" frameborder="0" allowfullscreen="allowfullscreen" src="https://www.youtube.com/embed/f02w4WT73LE"></iframe>
**export command**
Exports variables to the environment of subsequently executed commands.
**history Command**
Displays the command history list with line numbers. A command in the history list can be repeated by typing the command number preceded by an exclamation sign. If we need to edit a command in history list before executing it, we can press Ctrl + r and start typing the first letters associated with the command. When we see the command completed automatically, we can edit it as per our current need:
youtube视频
<iframe width="640" height="405" frameborder="0" allowfullscreen="allowfullscreen" src="https://www.youtube.com/embed/69vafdSMfU4"></iframe>
This list of commands is kept in our home directory in a file called .bash_history. The history facility is a useful resource for reducing the amount of typing, especially when combined with command line editing. By default, bash stores the last 500 commands you have entered, but this limit can be extended by using the HISTSIZE environment variable:
![Linux history Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-history-Command.png)
Linux history Command
But this change as performed above, will not be persistent on our next boot. In order to preserve the change in the HISTSIZE variable, we need to edit the .bashrc file by hand:
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
**Important**: Keep in mind that these changes will not take effect until we restart our shell session.
**alias command**
With no arguments or with the -p option prints the list of aliases in the form alias name=value on standard output. When arguments are provided, an alias is defined for each name whose value is given.
With alias, we can make up our own commands or modify existing ones by including desired options. For example, suppose we want to alias ls to ls color=auto so that the output will display regular files, directories, symlinks, and so on, in different colors:
# alias ls='ls --color=auto'
![Linux alias Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-alias-Command.png)
Linux alias Command
**Note**: That you can assign any name to your “new command” and enclose as many commands as desired between single quotes, but in that case you need to separate them by semicolons, as follows:
# alias myNewCommand='cd /usr/bin; ls; cd; clear'
**exit command**
The exit and logout commands both terminate the shell. The exit command terminates any shell, but the logout command terminates only login shells—that is, those that are launched automatically when you initiate a text-mode login.
If we are ever in doubt as to what a program does, we can refer to its man page, which can be invoked using the man command. In addition, there are also man pages for important files (inittab, fstab, hosts, to name a few), library functions, shells, devices, and other features.
#### Examples: ####
- man uname (print system information, such as kernel name, processor, operating system type, architecture, and so on).
- man inittab (init daemon configuration).
Another important source of information is provided by the info command, which is used to read info documents. These documents often provide more information than the man page. It is invoked by using the info keyword followed by a command name, such as:
# info ls
# info cut
In addition, the /usr/share/doc directory contains several subdirectories where further documentation can be found. They either contain plain-text files or other friendly formats.
Make sure you make it a habit to use these three methods to look up information for commands. Pay special and careful attention to the syntax of each of them, which is explained in detail in the documentation.
**Converting Tabs into Spaces with expand Command**
Sometimes text files contain tabs but programs that need to process the files dont cope well with tabs. Or maybe we just want to convert tabs into spaces. Thats where the expand tool (provided by the GNU coreutils package) comes in handy.
For example, given the file NumbersList.txt, lets run expand against it, changing tabs to one space, and display on standard output.
# expand --tabs=1 NumbersList.txt
![Linux expand Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-expand-Command.png)
Linux expand Command
The unexpand command performs the reverse operation (converts spaces into tabs).
**Display the first lines of a file with head and the last lines with tail**
By default, the head command followed by a filename, will display the first 10 lines of the said file. This behavior can be changed using the -n option and specifying a certain number of lines.
# head -n3 /etc/passwd
# tail -n3 /etc/passwd
![Linux head and tail Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-head-and-tail-Command.png)
Linux head and tail Command
One of the most interesting features of tail is the possibility of displaying data (last lines) as the input file grows (tail -f my.log, where my.log is the file under observation). This is particularly useful when monitoring a log to which data is being continually added.
Read More: [Manage Files Effectively using head and tail Commands][10]
**Merging Lines with paste**
The paste command merges files line by line, separating the lines from each file with tabs (by default), or another delimiter that can be specified (in the following example the fields in the output are separated by an equal sign).
# paste -d= file1 file2
![Merge Files in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Merge-Files-in-Linux-with-paste-command.png)
Merge Files in Linux
**Breaking a file into pieces using split command**
The split command is used split a file into two (or more) separate files, which are named according to a prefix of our choosing. The splitting can be defined by size, chunks, or number of lines, and the resulting files can have a numeric or alphabetic suffixes. In the following example, we will split bash.pdf into files of size 50 KB (-b 50KB), using numeric suffixes (-d):
# split -b 50KB -d bash.pdf bash_
![Split Files in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Split-Files-in-Linux-with-split-command.png)
Split Files in Linux
You can merge the files to recreate the original file with the following command:
# cat bash_00 bash_01 bash_02 bash_03 bash_04 bash_05 > bash.pdf
**Translating characters with tr command**
The tr command can be used to translate (change) characters on a one-by-one basis or using character ranges. In the following example we will use the same file2 as previously, and we will change:
- lowercase os to uppercase,
- and all lowercase to uppercase
# cat file2 | tr o O
# cat file2 | tr [a-z] [A-Z]
![Translate Characters in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Translate-characters-in-Linux-with-tr-command.png)
Translate Characters in Linux
**Reporting or deleting duplicate lines with uniq and sort command**
The uniq command allows us to report or remove duplicate lines in a file, writing to stdout by default. We must note that uniq does not detect repeated lines unless they are adjacent. Thus, uniq is commonly used along with a preceding sort (which is used to sort lines of text files).
By default, sort takes the first field (separated by spaces) as key field. To specify a different key field, we need to use the -k option. Please note how the output returned by sort and uniq change as we change the key field in the following example:
# cat file3
# sort file3 | uniq
# sort -k2 file3 | uniq
# sort -k3 file3 | uniq
![Remove Duplicate Lines in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Remove-Duplicate-Lines-in-file.png)
Remove Duplicate Lines in Linux
**Extracting text with cut command**
The cut command extracts portions of input lines (from stdin or files) and displays the result on standard output, based on number of bytes (-b), characters (-c), or fields (-f).
When using cut based on fields, the default field separator is a tab, but a different separator can be specified by using the -d option.
# cut -d: -f1,3 /etc/passwd # Extract specific fields: 1 and 3 in this case
# cut -d: -f2-4 /etc/passwd # Extract range of fields: 2 through 4 in this example
![Extract Text From a File in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Extract-Text-from-a-file.png)
Extract Text From a File in Linux
Note that the output of the two examples above was truncated for brevity.
**Reformatting files with fmt command**
fmt is used to “clean up” files with a great amount of content or lines, or with varying degrees of indentation. The new paragraph formatting defaults to no more than 75 characters wide. You can change this with the -w (width) option, which set the line length to the specified number of characters.
For example, lets see what happens when we use fmt to display the /etc/passwd file setting the width of each line to 100 characters. Once again, output has been truncated for brevity.
# fmt -w100 /etc/passwd
![File Reformatting in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/File-Reformatting-in-Linux-with-fmt-command.png)
File Reformatting in Linux
**Formatting content for printing with pr command**
pr paginates and displays in columns one or more files for printing. In other words, pr formats a file to make it look better when printed. For example, the following command:
# ls -a /etc | pr -n --columns=3 -h "Files in /etc"
Shows a listing of all the files found in /etc in a printer-friendly format (3 columns) with a custom header (indicated by the -h option), and numbered lines (-n).
![File Formatting in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/File-Formatting-in-Linux-with-pr-command.png)
File Formatting in Linux
### Summary ###
In this article we have discussed how to enter and execute commands with the correct syntax in a shell prompt or terminal, and explained how to find, inspect, and use system documentation. As simple as it seems, its a large first step in your way to becoming a RHCSA.
If you would like to add other commands that you use on a periodic basis and that have proven useful to fulfill your daily responsibilities, feel free to share them with the world by using the comment form below. Questions are also welcome. We look forward to hearing from you!
--------------------------------------------------------------------------------
via: http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:https://www.redhat.com/en/services/certification/rhcsa
[2]:http://www.tecmint.com/cd-command-in-linux/
[3]:http://www.tecmint.com/ls-command-interview-questions/
[4]:http://www.tecmint.com/advanced-copy-command-shows-progress-bar-while-copying-files/
[5]:http://www.tecmint.com/rename-multiple-files-in-linux/
[6]:http://www.tecmint.com/8-pratical-examples-of-linux-touch-command/
[7]:http://www.tecmint.com/redhat-enterprise-linux-7-installation/
[8]:http://www.tecmint.com/echo-command-in-linux/
[9]:http://www.tecmint.com/pwd-command-examples/
[10]:http://www.tecmint.com/view-contents-of-file-in-linux/

322
sources/tech/RHCSA Series/RHCSA Series--Part 02--How to Perform File and Directory Management.md Normal file
View File

@ -0,0 +1,322 @@
RHCSA Series: How to Perform File and Directory Management Part 2
================================================================================
In this article, RHCSA Part 2: File and directory management, we will review some essential skills that are required in the day-to-day tasks of a system administrator.
![RHCSA: Perform File and Directory Management Part 2](http://www.tecmint.com/wp-content/uploads/2015/03/RHCSA-Part2.png)
RHCSA: Perform File and Directory Management Part 2
### Create, Delete, Copy, and Move Files and Directories ###
File and directory management is a critical competence that every system administrator should possess. This includes the ability to create / delete text files from scratch (the core of each programs configuration) and directories (where you will organize files and other directories), and to find out the type of existing files.
The [touch command][1] can be used not only to create empty files, but also to update the access and modification times of existing files.
![touch command example](http://www.tecmint.com/wp-content/uploads/2015/03/touch-command-example.png)
touch command example
You can use `file [filename]` to determine a files type (this will come in handy before launching your preferred text editor to edit it).
![file command example](http://www.tecmint.com/wp-content/uploads/2015/03/file-command-example.png)
file command example
and `rm [filename]` to delete it.
![Linux rm command examples](http://www.tecmint.com/wp-content/uploads/2015/03/rm-command-examples.png)
rm command example
As for directories, you can create directories inside existing paths with `mkdir [directory]` or create a full path with `mkdir -p [/full/path/to/directory].`
![mkdir command example](http://www.tecmint.com/wp-content/uploads/2015/03/mkdir-command-example.png)
mkdir command example
When it comes to removing directories, you need to make sure that theyre empty before issuing the `rmdir [directory]` command, or use the more powerful (handle with care!) `rm -rf [directory]`. This last option will force remove recursively the `[directory]` and all its contents so use it at your own risk.
### Input and Output Redirection and Pipelining ###
The command line environment provides two very useful features that allows to redirect the input and output of commands from and to files, and to send the output of a command to another, called redirection and pipelining, respectively.
To understand those two important concepts, we must first understand the three most important types of I/O (Input and Output) streams (or sequences) of characters, which are in fact special files, in the *nix sense of the word.
- Standard input (aka stdin) is by default attached to the keyboard. In other words, the keyboard is the standard input device to enter commands to the command line.
- Standard output (aka stdout) is by default attached to the screen, the device that “receives” the output of commands and display them on the screen.
- Standard error (aka stderr), is where the status messages of a command is sent to by default, which is also the screen.
In the following example, the output of `ls /var` is sent to stdout (the screen), as well as the result of ls /tecmint. But in the latter case, it is stderr that is shown.
![Linux input output redirect](http://www.tecmint.com/wp-content/uploads/2015/03/Linux-input-output-redirect.png)
Input and Output Example
To more easily identify these special files, they are each assigned a file descriptor, an abstract representation that is used to access them. The essential thing to understand is that these files, just like others, can be redirected. What this means is that you can capture the output from a file or script and send it as input to another file, command, or script. This will allow you to store on disk, for example, the output of commands for later processing or analysis.
To redirect stdin (fd 0), stdout (fd 1), or stderr (fd 2), the following operators are available.
注:表格
<table cellspacing="0" border="0">
<colgroup width="226"></colgroup>
<colgroup width="743"></colgroup>
<tbody>
<tr>
<td align="CENTER" height="24" bgcolor="#999999" style="border: 1px solid #000000;"><b><span style="font-size: medium;">Redirection Operator</span></b></td>
<td align="CENTER" bgcolor="#999999" style="border: 1px solid #000000;"><b><span style="font-size: medium;">Effect</span></b></td>
</tr>
<tr class="alt">
<td align="CENTER" height="18" style="border: 1px solid #000000;"><b><span style="font-family: Courier New;">&gt;</span></b></td>
<td align="LEFT" style="border: 1px solid #000000;">Redirects standard output to a file containing standard output. If the destination file exists, it will be overwritten.</td>
</tr>
<tr>
<td align="CENTER" height="18" style="border: 1px solid #000000;"><b><span style="font-family: Courier New;">&gt;&gt;</span></b></td>
<td align="LEFT" style="border: 1px solid #000000;">Appends standard output to a file.</td>
</tr>
<tr class="alt">
<td align="CENTER" height="18" style="border: 1px solid #000000;"><b><span style="font-family: Courier New;">2&gt;</span></b></td>
<td align="LEFT" style="border: 1px solid #000000;">Redirects standard error to a file containing standard output. If the destination file exists, it will be overwritten.</td>
</tr>
<tr>
<td align="CENTER" height="18" style="border: 1px solid #000000;"><b><span style="font-family: Courier New;">2&gt;&gt;</span></b></td>
<td align="LEFT" style="border: 1px solid #000000;">Appends standard error to the existing file.</td>
</tr>
<tr class="alt">
<td align="CENTER" height="18" style="border: 1px solid #000000;"><b><span style="font-family: Courier New;">&amp;&gt;</span></b></td>
<td align="LEFT" style="border: 1px solid #000000;">Redirects both standard output and standard error to a file; if the specified file exists, it will be overwritten.</td>
</tr>
<tr>
<td align="CENTER" height="18" style="border: 1px solid #000000;"><b><span style="font-family: Courier New;">&lt;</span></b></td>
<td align="LEFT" style="border: 1px solid #000000;">Uses the specified file as standard input.</td>
</tr>
<tr class="alt">
<td align="CENTER" height="18" style="border: 1px solid #000000;"><b><span style="font-family: Courier New;">&lt;&gt;</span></b></td>
<td align="LEFT" style="border: 1px solid #000000;">The specified file is used for both standard input and standard output.</td>
</tr>
</tbody>
</table>
As opposed to redirection, pipelining is performed by adding a vertical bar `(|)` after a command and before another one.
Remember:
- Redirection is used to send the output of a command to a file, or to send a file as input to a command.
- Pipelining is used to send the output of a command to another command as input.
#### Examples Of Redirection and Pipelining ####
**Example 1: Redirecting the output of a command to a file**
There will be times when you will need to iterate over a list of files. To do that, you can first save that list to a file and then read that file line by line. While it is true that you can iterate over the output of ls directly, this example serves to illustrate redirection.
# ls -1 /var/mail > mail.txt
![Redirect output of command tot a file](http://www.tecmint.com/wp-content/uploads/2015/03/Redirect-output-to-a-file.png)
Redirect output of command tot a file
**Example 2: Redirecting both stdout and stderr to /dev/null**
In case we want to prevent both stdout and stderr to be displayed on the screen, we can redirect both file descriptors to `/dev/null`. Note how the output changes when the redirection is implemented for the same command.
# ls /var /tecmint
# ls /var/ /tecmint &> /dev/null
![Redirecting stdout and stderr ouput to /dev/null](http://www.tecmint.com/wp-content/uploads/2015/03/Redirecting-stdout-stderr-ouput.png)
Redirecting stdout and stderr ouput to /dev/null
#### Example 3: Using a file as input to a command ####
While the classic syntax of the [cat command][2] is as follows.
# cat [file(s)]
You can also send a file as input, using the correct redirection operator.
# cat < mail.txt
![Linux cat command examples](http://www.tecmint.com/wp-content/uploads/2015/03/cat-command-examples.png)
cat command example
#### Example 4: Sending the output of a command as input to another ####
If you have a large directory or process listing and want to be able to locate a certain file or process at a glance, you will want to pipeline the listing to grep.
Note that we use to pipelines in the following example. The first one looks for the required keyword, while the second one will eliminate the actual `grep command` from the results. This example lists all the processes associated with the apache user.
# ps -ef | grep apache | grep -v grep
![Send output of command as input to another](http://www.tecmint.com/wp-content/uploads/2015/03/Send-output-of-command-as-input-to-another1.png)
Send output of command as input to another
### Archiving, Compressing, Unpacking, and Uncompressing Files ###
If you need to transport, backup, or send via email a group of files, you will use an archiving (or grouping) tool such as [tar][3], typically used with a compression utility like gzip, bzip2, or xz.
Your choice of a compression tool will be likely defined by the compression speed and rate of each one. Of these three compression tools, gzip is the oldest and provides the least compression, bzip2 provides improved compression, and xz is the newest and provides the best compression. Typically, files compressed with these utilities have .gz, .bz2, or .xz extensions, respectively.
注:表格
<table cellspacing="0" border="0">
<colgroup width="165"></colgroup>
<colgroup width="137"></colgroup>
<colgroup width="366"></colgroup>
<tbody>
<tr>
<td align="CENTER" height="24" bgcolor="#999999" style="border: 1px solid #000000;"><b><span style="font-size: medium;">Command</span></b></td>
<td align="CENTER" bgcolor="#999999" style="border: 1px solid #000000;"><b><span style="font-size: medium;">Abbreviation</span></b></td>
<td align="CENTER" bgcolor="#999999" style="border: 1px solid #000000;"><b><span style="font-size: medium;">Description</span></b></td>
</tr>
<tr class="alt">
<td align="LEFT" height="18" style="border: 1px solid #000000;"><span style="font-family: Courier New;"> &ndash;create</span></td>
<td align="LEFT" style="border: 1px solid #000000;">c</td>
<td align="LEFT" style="border: 1px solid #000000;">Creates a tar archive</td>
</tr>
<tr>
<td align="LEFT" height="18" style="border: 1px solid #000000;"><span style="font-family: Courier New;"> &ndash;concatenate</span></td>
<td align="LEFT" style="border: 1px solid #000000;">A</td>
<td align="LEFT" style="border: 1px solid #000000;">Appends tar files to an archive</td>
</tr>
<tr class="alt">
<td align="LEFT" height="18" style="border: 1px solid #000000;"><span style="font-family: Courier New;"> &ndash;append</span></td>
<td align="LEFT" style="border: 1px solid #000000;">r</td>
<td align="LEFT" style="border: 1px solid #000000;">Appends non-tar files to an archive</td>
</tr>
<tr>
<td align="LEFT" height="18" style="border: 1px solid #000000;"><span style="font-family: Courier New;"> &ndash;update</span></td>
<td align="LEFT" style="border: 1px solid #000000;">u</td>
<td align="LEFT" style="border: 1px solid #000000;">Appends files that are newer than those in an archive</td>
</tr>
<tr class="alt">
<td align="LEFT" height="18" style="border: 1px solid #000000;"><span style="font-family: Courier New;"> &ndash;diff or &ndash;compare</span></td>
<td align="LEFT" style="border: 1px solid #000000;">d</td>
<td align="LEFT" style="border: 1px solid #000000;">Compares an archive to files on disk</td>
</tr>
<tr>
<td align="LEFT" height="20" style="border: 1px solid #000000;"><span style="font-family: Courier New;"> &ndash;list</span></td>
<td align="LEFT" style="border: 1px solid #000000;">t</td>
<td align="LEFT" style="border: 1px solid #000000;">Lists the contents of a tarball</td>
</tr>
<tr class="alt">
<td align="LEFT" height="18" style="border: 1px solid #000000;"><span style="font-family: Courier New;"> &ndash;extract or &ndash;get</span></td>
<td align="LEFT" style="border: 1px solid #000000;">x</td>
<td align="LEFT" style="border: 1px solid #000000;">Extracts files from an archive</td>
</tr>
</tbody>
</table>
注:表格
<table cellspacing="0" border="0">
<colgroup width="258"></colgroup>
<colgroup width="152"></colgroup>
<colgroup width="803"></colgroup>
<tbody>
<tr>
<td align="CENTER" height="24" bgcolor="#999999" style="border: 1px solid #000001;"><b><span style="font-size: medium;">Operation modifier</span></b></td>
<td align="CENTER" bgcolor="#999999" style="border: 1px solid #000001;"><b><span style="font-size: medium;">Abbreviation</span></b></td>
<td align="CENTER" bgcolor="#999999" style="border: 1px solid #000001;"><b><span style="font-size: medium;">Description</span></b></td>
</tr>
<tr class="alt">
<td align="LEFT" height="24" style="border: 1px solid #000001;"><span style="font-family: Courier New;">&mdash;</span>directory dir</td>
<td align="LEFT" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> C</span></td>
<td align="LEFT" style="border: 1px solid #000001;">Changes to directory dir before performing operations</td>
</tr>
<tr>
<td align="LEFT" height="24" style="border: 1px solid #000001;"><span style="font-family: Courier New;">&mdash;</span>same-permissions and <span style="font-family: Courier New;">&mdash;</span>same-owner</td>
<td align="LEFT" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> p</span></td>
<td align="LEFT" style="border: 1px solid #000001;">Preserves permissions and ownership information, respectively.</td>
</tr>
<tr class="alt">
<td align="LEFT" height="24" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> &ndash;verbose</span></td>
<td align="LEFT" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> v</span></td>
<td align="LEFT" style="border: 1px solid #000001;">Lists all files as they are read or extracted; if combined with &ndash;list, it also displays file sizes, ownership, and timestamps</td>
</tr>
<tr>
<td align="LEFT" height="24" style="border: 1px solid #000001;"><span style="font-family: Courier New;">&mdash;</span>exclude file</td>
<td align="LEFT" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> &mdash;</span></td>
<td align="LEFT" style="border: 1px solid #000001;">Excludes file from the archive. In this case, file can be an actual file or a pattern.</td>
</tr>
<tr class="alt">
<td align="LEFT" height="24" style="border: 1px solid #000001;"><span style="font-family: Courier New;">&mdash;</span>gzip or <span style="font-family: Courier New;">&mdash;</span>gunzip</td>
<td align="LEFT" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> z</span></td>
<td align="LEFT" style="border: 1px solid #000001;">Compresses an archive through gzip</td>
</tr>
<tr>
<td align="LEFT" height="24" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> &ndash;bzip2</span></td>
<td align="LEFT" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> j</span></td>
<td align="LEFT" height="24" style="border: 1px solid #000001;">Compresses an archive through bzip2</td>
</tr>
<tr class="alt">
<td align="LEFT" height="24" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> &ndash;xz</span></td>
<td align="LEFT" style="border: 1px solid #000001;"><span style="font-family: Courier New;"> J</span></td>
<td align="LEFT" style="border: 1px solid #000001;">Compresses an archive through xz</td>
</tr>
</tbody>
</table>
#### Example 5: Creating a tarball and then compressing it using the three compression utilities ####
You may want to compare the effectiveness of each tool before deciding to use one or another. Note that while compressing small files, or a few files, the results may not show much differences, but may give you a glimpse of what they have to offer.
# tar cf ApacheLogs-$(date +%Y%m%d).tar /var/log/httpd/* # Create an ordinary tarball
# tar czf ApacheLogs-$(date +%Y%m%d).tar.gz /var/log/httpd/* # Create a tarball and compress with gzip
# tar cjf ApacheLogs-$(date +%Y%m%d).tar.bz2 /var/log/httpd/* # Create a tarball and compress with bzip2
# tar cJf ApacheLogs-$(date +%Y%m%d).tar.xz /var/log/httpd/* # Create a tarball and compress with xz
![Linux tar command examples](http://www.tecmint.com/wp-content/uploads/2015/03/tar-command-examples.png)
tar command examples
#### Example 6: Preserving original permissions and ownership while archiving and when ####
If you are creating backups from users home directories, you will want to store the individual files with the original permissions and ownership instead of changing them to that of the user account or daemon performing the backup. The following example preserves these attributes while taking the backup of the contents in the `/var/log/httpd` directory:
# tar cJf ApacheLogs-$(date +%Y%m%d).tar.xz /var/log/httpd/* --same-permissions --same-owner
### Create Hard and Soft Links ###
In Linux, there are two types of links to files: hard links and soft (aka symbolic) links. Since a hard link represents another name for an existing file and is identified by the same inode, it then points to the actual data, as opposed to symbolic links, which point to filenames instead.
In addition, hard links do not occupy space on disk, while symbolic links do take a small amount of space to store the text of the link itself. The downside of hard links is that they can only be used to reference files within the filesystem where they are located because inodes are unique inside a filesystem. Symbolic links save the day, in that they point to another file or directory by name rather than by inode, and therefore can cross filesystem boundaries.
The basic syntax to create links is similar in both cases:
# ln TARGET LINK_NAME # Hard link named LINK_NAME to file named TARGET
# ln -s TARGET LINK_NAME # Soft link named LINK_NAME to file named TARGET
#### Example 7: Creating hard and soft links ####
There is no better way to visualize the relation between a file and a hard or symbolic link that point to it, than to create those links. In the following screenshot you will see that the file and the hard link that points to it share the same inode and both are identified by the same disk usage of 466 bytes.
On the other hand, creating a hard link results in an extra disk usage of 5 bytes. Not that youre going to run out of storage capacity, but this example is enough to illustrate the difference between a hard link and a soft link.
![Difference between a hard link and a soft link](http://www.tecmint.com/wp-content/uploads/2015/03/hard-soft-link.png)
Difference between a hard link and a soft link
A typical usage of symbolic links is to reference a versioned file in a Linux system. Suppose there are several programs that need access to file fooX.Y, which is subject to frequent version updates (think of a library, for example). Instead of updating every single reference to fooX.Y every time theres a version update, it is wiser, safer, and faster, to have programs look to a symbolic link named just foo, which in turn points to the actual fooX.Y.
Thus, when X and Y change, you only need to edit the symbolic link foo with a new destination name instead of tracking every usage of the destination file and updating it.
### Summary ###
In this article we have reviewed some essential file and directory management skills that must be a part of every system administrators tool-set. Make sure to review other parts of this series as well in order to integrate these topics with the content covered in this tutorial.
Feel free to let us know if you have any questions or comments. We are always more than glad to hear from our readers.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/file-and-directory-management-in-linux/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/8-pratical-examples-of-linux-touch-command/
[2]:http://www.tecmint.com/13-basic-cat-command-examples-in-linux/
[3]:http://www.tecmint.com/18-tar-command-examples-in-linux/

248
sources/tech/RHCSA Series/RHCSA Series--Part 03--How to Manage Users and Groups in RHEL 7.md Normal file
View File

@ -0,0 +1,248 @@
RHCSA Series: How to Manage Users and Groups in RHEL 7 Part 3
================================================================================
Managing a RHEL 7 server, as it is the case with any other Linux server, will require that you know how to add, edit, suspend, or delete user accounts, and grant users the necessary permissions to files, directories, and other system resources to perform their assigned tasks.
![User and Group Management in Linux](http://www.tecmint.com/wp-content/uploads/2015/03/User-and-Group-Management-in-Linux.png)
RHCSA: User and Group Management Part 3
### Managing User Accounts ###
To add a new user account to a RHEL 7 server, you can run either of the following two commands as root:
# adduser [new_account]
# useradd [new_account]
When a new user account is added, by default the following operations are performed.
- His/her home directory is created (`/home/username` unless specified otherwise).
- These `.bash_logout`, `.bash_profile` and `.bashrc` hidden files are copied inside the users home directory, and will be used to provide environment variables for his/her user session. You can explore each of them for further details.
- A mail spool directory is created for the added user account.
- A group is created with the same name as the new user account.
The full account summary is stored in the `/etc/passwd `file. This file holds a record per system user account and has the following format (fields are separated by a colon):
[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]
- These two fields `[username]` and `[Comment]` are self explanatory.
- The second filed x indicates that the account is secured by a shadowed password (in `/etc/shadow`), which is used to logon as `[username]`.
- The fields `[UID]` and `[GID]` are integers that shows the User IDentification and the primary Group IDentification to which `[username]` belongs, equally.
Finally,
- The `[Home directory]` shows the absolute location of `[username]s` home directory, and
- `[Default shell]` is the shell that is commit to this user when he/she logins into the system.
Another important file that you must become familiar with is `/etc/group`, where group information is stored. As it is the case with `/etc/passwd`, there is one record per line and its fields are also delimited by a colon:
[Group name]:[Group password]:[GID]:[Group members]
where,
- `[Group name]` is the name of group.
- Does this group use a group password? (An “x” means no).
- `[GID]`: same as in `/etc/passwd`.
- `[Group members]`: a list of users, separated by commas, that are members of each group.
After adding an account, at anytime, you can edit the users account information using usermod, whose basic syntax is:
# usermod [options] [username]
Read Also:
- [15 useradd Command Examples][1]
- [15 usermod Command Examples][2]
#### EXAMPLE 1: Setting the expiry date for an account ####
If you work for a company that has some kind of policy to enable account for a certain interval of time, or if you want to grant access to a limited period of time, you can use the `--expiredate` flag followed by a date in YYYY-MM-DD format. To verify that the change has been applied, you can compare the output of
# chage -l [username]
before and after updating the account expiry date, as shown in the following image.
![Change User Account Information](http://www.tecmint.com/wp-content/uploads/2015/03/Change-User-Account-Information.png)
Change User Account Information
#### EXAMPLE 2: Adding the user to supplementary groups ####
Besides the primary group that is created when a new user account is added to the system, a user can be added to supplementary groups using the combined -aG, or append groups options, followed by a comma separated list of groups.
#### EXAMPLE 3: Changing the default location of the users home directory and / or changing its shell ####
If for some reason you need to change the default location of the users home directory (other than /home/username), you will need to use the -d, or home options, followed by the absolute path to the new home directory.
If a user wants to use another shell other than bash (for example, sh), which gets assigned by default, use usermod with the shell flag, followed by the path to the new shell.
#### EXAMPLE 4: Displaying the groups an user is a member of ####
After adding the user to a supplementary group, you can verify that it now actually belongs to such group(s):
# groups [username]
# id [username]
The following image depicts Examples 2 through 4:
![Adding User to Supplementary Group](http://www.tecmint.com/wp-content/uploads/2015/03/Adding-User-to-Supplementary-Group.png)
Adding User to Supplementary Group
In the example above:
# usermod --append --groups gacanepa,users --home /tmp --shell /bin/sh tecmint
To remove a user from a group, omit the `--append` switch in the command above and list the groups you want the user to belong to following the `--groups` flag.
#### EXAMPLE 5: Disabling account by locking password ####
To disable an account, you will need to use either the -l (lowercase L) or the lock option to lock a users password. This will prevent the user from being able to log on.
#### EXAMPLE 6: Unlocking password ####
When you need to re-enable the user so that he can log on to the server again, use the -u or the unlock option to unlock a users password that was previously blocked, as explained in Example 5 above.
# usermod --unlock tecmint
The following image illustrates Examples 5 and 6:
![Lock Unlock User Account](http://www.tecmint.com/wp-content/uploads/2015/03/Lock-Unlock-User-Account.png)
Lock Unlock User Account
#### EXAMPLE 7: Deleting a group or an user account ####
To delete a group, youll want to use groupdel, whereas to delete a user account you will use userdel (add the r switch if you also want to delete the contents of its home directory and mail spool):
# groupdel [group_name] # Delete a group
# userdel -r [user_name] # Remove user_name from the system, along with his/her home directory and mail spool
If there are files owned by group_name, they will not be deleted, but the group owner will be set to the GID of the group that was deleted.
### Listing, Setting and Changing Standard ugo/rwx Permissions ###
The well-known [ls command][3] is one of the best friends of any system administrator. When used with the -l flag, this tool allows you to view a list a directorys contents in long (or detailed) format.
However, this command can also be applied to a single file. Either way, the first 10 characters in the output of `ls -l` represent each files attributes.
The first char of this 10-character sequence is used to indicate the file type:
- (hyphen): a regular file
- d: a directory
- l: a symbolic link
- c: a character device (which treats data as a stream of bytes, i.e. a terminal)
- b: a block device (which handles data in blocks, i.e. storage devices)
The next nine characters of the file attributes, divided in groups of three from left to right, are called the file mode and indicate the read (r), write(w), and execute (x) permissions granted to the files owner, the files group owner, and the rest of the users (commonly referred to as “the world”), respectively.
While the read permission on a file allows the same to be opened and read, the same permission on a directory allows its contents to be listed if the execute permission is also set. In addition, the execute permission in a file allows it to be handled as a program and run.
File permissions are changed with the chmod command, whose basic syntax is as follows:
# chmod [new_mode] file
where new_mode is either an octal number or an expression that specifies the new permissions. Feel free to use the mode that works best for you in each case. Or perhaps you already have a preferred way to set a files permissions so feel free to use the method that works best for you.
The octal number can be calculated based on the binary equivalent, which can in turn be obtained from the desired file permissions for the owner of the file, the owner group, and the world.The presence of a certain permission equals a power of 2 (r=22, w=21, x=20), while its absence means 0. For example:
![File Permissions](http://www.tecmint.com/wp-content/uploads/2015/03/File-Permissions.png)
File Permissions
To set the files permissions as indicated above in octal form, type:
# chmod 744 myfile
Please take a minute to compare our previous calculation to the actual output of `ls -l` after changing the files permissions:
![Long List Format](http://www.tecmint.com/wp-content/uploads/2015/03/Long-List-Format.png)
Long List Format
#### EXAMPLE 8: Searching for files with 777 permissions ####
As a security measure, you should make sure that files with 777 permissions (read, write, and execute for everyone) are avoided like the plague under normal circumstances. Although we will explain in a later tutorial how to more effectively locate all the files in your system with a certain permission set, you can -by now- combine ls with grep to obtain such information.
In the following example, we will look for file with 777 permissions in the /etc directory only. Note that we will use pipelining as explained in [Part 2: File and Directory Management][4] of this RHCSA series:
# ls -l /etc | grep rwxrwxrwx
![Find All Files with 777 Permission](http://www.tecmint.com/wp-content/uploads/2015/03/Find-All-777-Files.png)
Find All Files with 777 Permission
#### EXAMPLE 9: Assigning a specific permission to all users ####
Shell scripts, along with some binaries that all users should have access to (not just their corresponding owner and group), should have the execute bit set accordingly (please note that we will discuss a special case later):
# chmod a+x script.sh
**Note**: That we can also set a files mode using an expression that indicates the owners rights with the letter `u`, the group owners rights with the letter `g`, and the rest with `o`. All of these rights can be represented at the same time with the letter `a`. Permissions are granted (or revoked) with the `+` or `-` signs, respectively.
![Set Execute Permission on File](http://www.tecmint.com/wp-content/uploads/2015/03/Set-Execute-Permission-on-File.png)
Set Execute Permission on File
A long directory listing also shows the files owner and its group owner in the first and second columns, respectively. This feature serves as a first-level access control method to files in a system:
![Check File Owner and Group](http://www.tecmint.com/wp-content/uploads/2015/03/Check-File-Owner-and-Group.png)
Check File Owner and Group
To change file ownership, you will use the chown command. Note that you can change the file and group ownership at the same time or separately:
# chown user:group file
**Note**: That you can change the user or group, or the two attributes at the same time, as long as you dont forget the colon, leaving user or group blank if you want to update the other attribute, for example:
# chown :group file # Change group ownership only
# chown user: file # Change user ownership only
#### EXAMPLE 10: Cloning permissions from one file to another ####
If you would like to “clone” ownership from one file to another, you can do so using the reference flag, as follows:
# chown --reference=ref_file file
where the owner and group of ref_file will be assigned to file as well:
![Clone File Ownership](http://www.tecmint.com/wp-content/uploads/2015/03/Clone-File-Ownership.png)
Clone File Ownership
### Setting Up SETGID Directories for Collaboration ###
Should you need to grant access to all the files owned by a certain group inside a specific directory, you will most likely use the approach of setting the setgid bit for such directory. When the setgid bit is set, the effective GID of the real user becomes that of the group owner.
Thus, any user can access a file under the privileges granted to the group owner of such file. In addition, when the setgid bit is set on a directory, newly created files inherit the same group as the directory, and newly created subdirectories will also inherit the setgid bit of the parent directory.
# chmod g+s [filename]
To set the setgid in octal form, prepend the number 2 to the current (or desired) basic permissions.
# chmod 2755 [directory]
### Conclusion ###
A solid knowledge of user and group management, along with standard and special Linux permissions, when coupled with practice, will allow you to quickly identify and troubleshoot issues with file permissions in your RHEL 7 server.
I assure you that as you follow the steps outlined in this article and use the system documentation (as explained in [Part 1: Reviewing Essential Commands & System Documentation][5] of this series) you will master this essential competence of system administration.
Feel free to let us know if you have any questions or comments using the form below.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/rhcsa-exam-manage-users-and-groups/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/add-users-in-linux/
[2]:http://www.tecmint.com/usermod-command-examples/
[3]:http://www.tecmint.com/ls-interview-questions/
[4]:http://www.tecmint.com/file-and-directory-management-in-linux/
[5]:http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/

254
sources/tech/RHCSA Series/RHCSA Series--Part 04--Editing Text Files with Nano and Vim or Analyzing text with grep and regexps.md Normal file
View File

@ -0,0 +1,254 @@
RHCSA Series: Editing Text Files with Nano and Vim / Analyzing text with grep and regexps Part 4
================================================================================
Every system administrator has to deal with text files as part of his daily responsibilities. That includes editing existing files (most likely configuration files), or creating new ones. It has been said that if you want to start a holy war in the Linux world, you can ask sysadmins what their favorite text editor is and why. We are not going to do that in this article, but will present a few tips that will be helpful to use two of the most widely used text editors in RHEL 7: nano (due to its simplicity and easiness of use, specially to new users), and vi/m (due to its several features that convert it into more than a simple editor). I am sure that you can find many more reasons to use one or the other, or perhaps some other editor such as emacs or pico. Its entirely up to you.
![Learn Nano and vi Editors](http://www.tecmint.com/wp-content/uploads/2015/03/Learn-Nano-and-vi-Editors.png)
RHCSA: Editing Text Files with Nano and Vim Part 4
### Editing Files with Nano Editor ###
To launch nano, you can either just type nano at the command prompt, optionally followed by a filename (in this case, if the file exists, it will be opened in edition mode). If the file does not exist, or if we omit the filename, nano will also be opened in edition mode but will present a blank screen for us to start typing:
![Nano Editor](http://www.tecmint.com/wp-content/uploads/2015/03/Nano-Editor.png)
Nano Editor
As you can see in the previous image, nano displays at the bottom of the screen several functions that are available via the indicated shortcuts (^, aka caret, indicates the Ctrl key). To name a few of them:
- Ctrl + G: brings up the help menu with a complete list of functions and descriptions:Ctrl + X: exits the current file. If changes have not been saved, they are discarded.
- Ctrl + R: lets you choose a file to insert its contents into the present file by specifying a full path.
![Nano Editor Help Menu](http://www.tecmint.com/wp-content/uploads/2015/03/Nano-Help.png)
Nano Editor Help Menu
- Ctrl + O: saves changes made to a file. It will let you save the file with the same name or a different one. Then press Enter to confirm.
![Nano Editor Save Changes Mode](http://www.tecmint.com/wp-content/uploads/2015/03/Nano-Save-Changes.png)
Nano Editor Save Changes Mode
- Ctrl + X: exits the current file. If changes have not been saved, they are discarded.
- Ctrl + R: lets you choose a file to insert its contents into the present file by specifying a full path.
![Nano: Insert File Content to Parent File](http://www.tecmint.com/wp-content/uploads/2015/03/Insert-File-Content.png)
Nano: Insert File Content to Parent File
will insert the contents of /etc/passwd into the current file.
- Ctrl + K: cuts the current line.
- Ctrl + U: paste.
- Ctrl + C: cancels the current operation and places you at the previous screen.
To easily navigate the opened file, nano provides the following features:
- Ctrl + F and Ctrl + B move the cursor forward or backward, whereas Ctrl + P and Ctrl + N move it up or down one line at a time, respectively, just like the arrow keys.
- Ctrl + space and Alt + space move the cursor forward and backward one word at a time.
Finally,
- Ctrl + _ (underscore) and then entering X,Y will take you precisely to Line X, column Y, if you want to place the cursor at a specific place in the document.
![Navigate to Line Numbers in Nano](http://www.tecmint.com/wp-content/uploads/2015/03/Column-Numbers.png)
Navigate to Line Numbers in Nano
The example above will take you to line 15, column 14 in the current document.
If you can recall your early Linux days, specially if you came from Windows, you will probably agree that starting off with nano is the best way to go for a new user.
### Editing Files with Vim Editor ###
Vim is an improved version of vi, a famous text editor in Linux that is available on all POSIX-compliant *nix systems, such as RHEL 7. If you have the chance and can install vim, go ahead; if not, most (if not all) the tips given in this article should also work.
One of vims distinguishing features is the different modes in which it operates:
- Command mode will allow you to browse through the file and enter commands, which are brief and case-sensitive combinations of one or more letters. If you need to repeat one of them a certain number of times, you can prefix it with a number (there are only a few exceptions to this rule). For example, yy (or Y, short for yank) copies the entire current line, whereas 4yy (or 4Y) copies the entire current line along with the next three lines (4 lines in total).
- In ex mode, you can manipulate files (including saving a current file and running outside programs or commands). To enter ex mode, we must type a colon (:) starting from command mode (or in other words, Esc + :), directly followed by the name of the ex-mode command that you want to use.
- In insert mode, which is accessed by typing the letter i, we simply enter text. Most keystrokes result in text appearing on the screen.
- We can always enter command mode (regardless of the mode were working on) by pressing the Esc key.
Lets see how we can perform the same operations that we outlined for nano in the previous section, but now with vim. Dont forget to hit the Enter key to confirm the vim command!
To access vims full manual from the command line, type :help while in command mode and then press Enter:
![vim Edito Help Menu](http://www.tecmint.com/wp-content/uploads/2015/03/vim-Help-Menu.png)
vim Edito Help Menu
The upper section presents an index list of contents, with defined sections dedicated to specific topics about vim. To navigate to a section, place the cursor over it and press Ctrl + ] (closing square bracket). Note that the bottom section displays the current file.
1. To save changes made to a file, run any of the following commands from command mode and it will do the trick:
:wq!
:x!
ZZ (yes, double Z without the colon at the beginning)
2. To exit discarding changes, use :q!. This command will also allow you to exit the help menu described above, and return to the current file in command mode.
3. Cut N number of lines: type Ndd while in command mode.
4. Copy M number of lines: type Myy while in command mode.
5. Paste lines that were previously cutted or copied: press the P key while in command mode.
6. To insert the contents of another file into the current one:
:r filename
For example, to insert the contents of `/etc/fstab`, do:
![Insert Content of File in vi Editor](http://www.tecmint.com/wp-content/uploads/2015/03/Insert-Content-vi-Editor.png)
Insert Content of File in vi Editor
7. To insert the output of a command into the current document:
:r! command
For example, to insert the date and time in the line below the current position of the cursor:
![Insert Time an Date in vi Editor](http://www.tecmint.com/wp-content/uploads/2015/03/Insert-Time-and-Date-in-vi-Editor.png)
Insert Time an Date in vi Editor
In another article that I wrote for, ([Part 2 of the LFCS series][1]), I explained in greater detail the keyboard shortcuts and functions available in vim. You may want to refer to that tutorial for further examples on how to use this powerful text editor.
### Analyzing Text with Grep and Regular Expressions ###
By now you have learned how to create and edit files using nano or vim. Say you become a text editor ninja, so to speak now what? Among other things, you will also need how to search for regular expressions inside text.
A regular expression (also known as “regex” or “regexp“) is a way of identifying a text string or pattern so that a program can compare the pattern against arbitrary text strings. Although the use of regular expressions along with grep would deserve an entire article on its own, let us review the basics here:
**1. The simplest regular expression is an alphanumeric string (i.e., the word “svm”) or two (when two are present, you can use the | (OR) operator):**
# grep -Ei 'svm|vmx' /proc/cpuinfo
The presence of either of those two strings indicate that your processor supports virtualization:
![Regular Expression Example](http://www.tecmint.com/wp-content/uploads/2015/03/Regular-Expression-Example.png)
Regular Expression Example
**2. A second kind of a regular expression is a range list, enclosed between square brackets.**
For example, `c[aeiou]t` matches the strings cat, cet, cit, cot, and cut, whereas `[a-z]` and `[0-9]` match any lowercase letter or decimal digit, respectively. If you want to repeat the regular expression X certain number of times, type `{X}` immediately following the regexp.
For example, lets extract the UUIDs of storage devices from `/etc/fstab`:
# grep -Ei '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o /etc/fstab
![Extract String from a File in Linux](http://www.tecmint.com/wp-content/uploads/2015/03/Extract-String-from-a-File.png)
Extract String from a File
The first expression in brackets `[0-9a-f]` is used to denote lowercase hexadecimal characters, and `{8}` is a quantifier that indicates the number of times that the preceding match should be repeated (the first sequence of characters in an UUID is a 8-character long hexadecimal string).
The parentheses, the `{4}` quantifier, and the hyphen indicate that the next sequence is a 4-character long hexadecimal string, and the quantifier that follows `({3})` denote that the expression should be repeated 3 times.
Finally, the last sequence of 12-character long hexadecimal string in the UUID is retrieved with `[0-9a-f]{12}`, and the -o option prints only the matched (non-empty) parts of the matching line in /etc/fstab.
**3. POSIX character classes.**
注:表格
<table cellspacing="0" border="0">
<colgroup width="201"></colgroup>
<colgroup width="440"></colgroup>
<tbody>
<tr>
<td align="center" height="25" bgcolor="#999999" style="border: 1px solid #000000;"><b>Character Class</b></td>
<td align="center" bgcolor="#999999" style="border: 1px solid #000000;"><b>Matches…</b></td>
</tr>
<tr class="alt">
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:alnum:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any alphanumeric [a-zA-Z0-9] character</td>
</tr>
<tr>
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:alpha:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any alphabetic [a-zA-Z] character</td>
</tr>
<tr class="alt">
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:blank:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Spaces or tabs</td>
</tr>
<tr>
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:cntrl:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any control characters (ASCII 0 to 32)</td>
</tr>
<tr class="alt">
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:digit:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any numeric digits [0-9]</td>
</tr>
<tr>
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:graph:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any visible characters</td>
</tr>
<tr class="alt">
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:lower:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any lowercase [a-z] character</td>
</tr>
<tr>
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:print:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any non-control characters</td>
</tr>
<tr class="alt">
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:space:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any whitespace</td>
</tr>
<tr>
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:punct:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any punctuation marks</td>
</tr>
<tr class="alt">
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:upper:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any uppercase [A-Z] character</td>
</tr>
<tr>
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[[:xdigit:]]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any hex digits [0-9a-fA-F]</td>
</tr>
<tr class="alt">
<td align="left" height="21" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;[:word:]</td>
<td align="left" bgcolor="#FFFFFF" style="border: 1px solid #000000;">&nbsp;Any letters, numbers, and underscores [a-zA-Z0-9_]</td>
</tr>
</tbody>
</table>
For example, we may be interested in finding out what the used UIDs and GIDs (refer to [Part 2][2] of this series to refresh your memory) are for real users that have been added to our system. Thus, we will search for sequences of 4 digits in /etc/passwd:
# grep -Ei [[:digit:]]{4} /etc/passwd
![Search For a String in File](http://www.tecmint.com/wp-content/uploads/2015/03/Search-For-String-in-File.png)
Search For a String in File
The above example may not be the best case of use of regular expressions in the real world, but it clearly illustrates how to use POSIX character classes to analyze text along with grep.
### Conclusion ###
In this article we have provided some tips to make the most of nano and vim, two text editors for the command-line users. Both tools are supported by extensive documentation, which you can consult in their respective official web sites (links given below) and using the suggestions given in [Part 1][3] of this series.
#### Reference Links ####
- [http://www.nano-editor.org/][4]
- [http://www.vim.org/][5]
--------------------------------------------------------------------------------
via: http://www.tecmint.com/rhcsa-exam-how-to-use-nano-vi-editors/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/vi-editor-usage/
[2]:http://www.tecmint.com/file-and-directory-management-in-linux/
[3]:http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/
[4]:http://www.nano-editor.org/
[5]:http://www.vim.org/

216
sources/tech/RHCSA Series/RHCSA Series--Part 05--Process Management in RHEL 7--Boot Shutdown and Everything in Between.md Normal file
View File

@ -0,0 +1,216 @@
RHCSA Series: Process Management in RHEL 7: Boot, Shutdown, and Everything in Between Part 5
================================================================================
We will start this article with an overall and brief revision of what happens since the moment you press the Power button to turn on your RHEL 7 server until you are presented with the login screen in a command line interface.
![RHEL 7 Boot Process](http://www.tecmint.com/wp-content/uploads/2015/03/RHEL-7-Boot-Process.png)
Linux Boot Process
**Please note that:**
1. the same basic principles apply, with perhaps minor modifications, to other Linux distributions as well, and
2. the following description is not intended to represent an exhaustive explanation of the boot process, but only the fundamentals.
### Linux Boot Process ###
1. The POST (Power On Self Test) initializes and performs hardware checks.
2. When the POST finishes, the system control is passed to the first stage boot loader, which is stored on either the boot sector of one of the hard disks (for older systems using BIOS and MBR), or a dedicated (U)EFI partition.
3. The first stage boot loader then loads the second stage boot loader, most usually GRUB (GRand Unified Boot Loader), which resides inside /boot, which in turn loads the kernel and the initial RAMbased file system (also known as initramfs, which contains programs and binary files that perform the necessary actions needed to ultimately mount the actual root filesystem).
4. We are presented with a splash screen that allows us to choose an operating system and kernel to boot:
![RHEL 7 Boot Screen](http://www.tecmint.com/wp-content/uploads/2015/03/RHEL-7-Boot-Screen.png)
Boot Menu Screen
5. The kernel sets up the hardware attached to the system and once the root filesystem has been mounted, launches process with PID 1, which in turn will initialize other processes and present us with a login prompt.
Note: That if we wish to do so at a later time, we can examine the specifics of this process using the [dmesg command][1] and filtering its output using the tools that we have explained in previous articles of this series.
![Login Screen and Process PID](http://www.tecmint.com/wp-content/uploads/2015/03/Login-Screen-Process-PID.png)
Login Screen and Process PID
In the example above, we used the well-known ps command to display a list of current processes whose parent process (or in other words, the process that started them) is systemd (the system and service manager that most modern Linux distributions have switched to) during system startup:
# ps -o ppid,pid,uname,comm --ppid=1
Remember that the -o flag (short for format) allows you to present the output of ps in a customized format to suit your needs using the keywords specified in the STANDARD FORMAT SPECIFIERS section in man ps.
Another case in which you will want to define the output of ps instead of going with the default is when you need to find processes that are causing a significant CPU and / or memory load, and sort them accordingly:
# ps aux --sort=+pcpu # Sort by %CPU (ascending)
# ps aux --sort=-pcpu # Sort by %CPU (descending)
# ps aux --sort=+pmem # Sort by %MEM (ascending)
# ps aux --sort=-pmem # Sort by %MEM (descending)
# ps aux --sort=+pcpu,-pmem # Combine sort by %CPU (ascending) and %MEM (descending)
![http://www.tecmint.com/wp-content/uploads/2015/03/ps-command-output.png](http://www.tecmint.com/wp-content/uploads/2015/03/ps-command-output.png)
Customize ps Command Output
### An Introduction to SystemD ###
Few decisions in the Linux world have caused more controversies than the adoption of systemd by major Linux distributions. Systemds advocates name as its main advantages the following facts:
Read Also: [The Story Behind init and systemd][2]
1. Systemd allows more processing to be done in parallel during system startup (as opposed to older SysVinit, which always tends to be slower because it starts processes one by one, checks if one depends on another, and then waits for daemons to launch so more services can start), and
2. It works as a dynamic resource management in a running system. Thus, services are started when needed (to avoid consuming system resources if they are not being used) instead of being launched without a valid reason during boot.
3. Backwards compatibility with SysVinit scripts.
Systemd is controlled by the systemctl utility. If you come from a SysVinit background, chances are you will be familiar with:
- the service tool, which -in those older systems- was used to manage SysVinit scripts, and
- the chkconfig utility, which served the purpose of updating and querying runlevel information for system services.
- shutdown, which you must have used several times to either restart or halt a running system.
The following table shows the similarities between the use of these legacy tools and systemctl:
注:表格
<table cellspacing="0" border="0">
<colgroup width="237"></colgroup>
<colgroup width="256"></colgroup>
<colgroup width="1945"></colgroup>
<tbody>
<tr>
<td align="left" height="25" bgcolor="#B7B7B7" style="border: 1px solid #000000;"><b><span style="color: black; font-family: Arial; font-size: small;">Legacy tool</span></b></td>
<td align="left" bgcolor="#B7B7B7" style="border: 1px solid #000000;"><b><span style="color: black; font-family: Arial; font-size: small;">Systemctl equivalent</span></b></td>
<td align="left" bgcolor="#B7B7B7" style="border: 1px solid #000000;"><b><span style="color: black; font-family: Arial; font-size: small;">Description</span></b></td>
</tr>
<tr class="alt">
<td align="left" height="21" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">service name start</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl start name</span></td>
<td align="left" style="border: 1px solid #000000;">Start name (where name is a service)</td>
</tr>
<tr>
<td align="left" height="21" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">service name stop</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl stop name</span></td>
<td align="left" style="border: 1px solid #000000;">Stop name</td>
</tr>
<tr class="alt">
<td align="left" height="21" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">service name condrestart</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl try-restart name</span></td>
<td align="left" style="border: 1px solid #000000;">Restarts name (if its already running)</td>
</tr>
<tr>
<td align="left" height="21" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">service name restart</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl restart name</span></td>
<td align="left" style="border: 1px solid #000000;">Restarts name</td>
</tr>
<tr class="alt">
<td align="left" height="21" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">service name reload</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl reload name</span></td>
<td align="left" style="border: 1px solid #000000;">Reloads the configuration for name</td>
</tr>
<tr>
<td align="left" height="21" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">service name status</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl status name</span></td>
<td align="left" style="border: 1px solid #000000;">Displays the current status of name</td>
</tr>
<tr class="alt">
<td align="left" height="23" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">service &ndash;status-all</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Arial;">Displays the status of all current services</span></td>
</tr>
<tr>
<td align="left" height="21" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">chkconfig name on</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl enable name</span></td>
<td align="left" style="border: 1px solid #000000;">Enable name to run on startup as specified in the unit file (the file to which the symlink points). The process of enabling or disabling a service to start automatically on boot consists in adding or removing symbolic links inside the /etc/systemd/system directory.</td>
</tr>
<tr class="alt">
<td align="left" height="21" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">chkconfig name off</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl disable name</span></td>
<td align="left" style="border: 1px solid #000000;">Disables name to run on startup as specified in the unit file (the file to which the symlink points)</td>
</tr>
<tr>
<td align="left" height="21" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">chkconfig &ndash;list name</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl is-enabled name</span></td>
<td align="left" style="border: 1px solid #000000;">Verify whether name (a specific service) is currently enabled</td>
</tr>
<tr class="alt">
<td align="left" height="23" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">chkconfig &ndash;list</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl &ndash;type=service</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Arial;">Displays all services and tells whether they are enabled or disabled</span></td>
</tr>
<tr>
<td align="left" height="23" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">shutdown -h now</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl poweroff</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Arial;">Power-off the machine (halt)</span></td>
</tr>
<tr class="alt">
<td align="left" height="23" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">shutdown -r now</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Courier New;">systemctl reboot</span></td>
<td align="left" style="border: 1px solid #000000;"><span style="color: black; font-family: Arial;">Reboot the system</span></td>
</tr>
</tbody>
</table>
Systemd also introduced the concepts of units (which can be either a service, a mount point, a device, or a network socket) and targets (which is how systemd manages to start several related process at the same time, and can be considered -though not equal- as the equivalent of runlevels in SysVinit-based systems.
### Summing Up ###
Other tasks related with process management include, but may not be limited to, the ability to:
**1. Adjust the execution priority as far as the use of system resources is concerned of a process:**
This is accomplished through the renice utility, which alters the scheduling priority of one or more running processes. In simple terms, the scheduling priority is a feature that allows the kernel (present in versions => 2.6) to allocate system resources as per the assigned execution priority (aka niceness, in a range from -20 through 19) of a given process.
The basic syntax of renice is as follows:
# renice [-n] priority [-gpu] identifier
In the generic command above, the first argument is the priority value to be used, whereas the other argument can be interpreted as process IDs (which is the default setting), process group IDs, user IDs, or user names. A normal user (other than root) can only modify the scheduling priority of a process he or she owns, and only increase the niceness level (which means taking up less system resources).
![Renice Process in Linux](http://www.tecmint.com/wp-content/uploads/2015/03/Process-Scheduling-Priority.png)
Process Scheduling Priority
**2. Kill (or interrupt the normal execution) of a process as needed:**
In more precise terms, killing a process entitles sending it a signal to either finish its execution gracefully (SIGTERM=15) or immediately (SIGKILL=9) through the [kill or pkill commands][3].
The difference between these two tools is that the former is used to terminate a specific process or a process group altogether, while the latter allows you to do the same based on name and other attributes.
In addition, pkill comes bundled with pgrep, which shows you the PIDs that will be affected should pkill be used. For example, before running:
# pkill -u gacanepa
It may be useful to view at a glance which are the PIDs owned by gacanepa:
# pgrep -l -u gacanepa
![Find PIDs of User](http://www.tecmint.com/wp-content/uploads/2015/03/Find-PIDs-of-User.png)
Find PIDs of User
By default, both kill and pkill send the SIGTERM signal to the process. As we mentioned above, this signal can be ignored (while the process finishes its execution or for good), so when you seriously need to stop a running process with a valid reason, you will need to specify the SIGKILL signal on the command line:
# kill -9 identifier # Kill a process or a process group
# kill -s SIGNAL identifier # Idem
# pkill -s SIGNAL identifier # Kill a process by name or other attributes
### Conclusion ###
In this article we have explained the basics of the boot process in a RHEL 7 system, and analyzed some of the tools that are available to help you with managing processes using common utilities and systemd-specific commands.
Note that this list is not intended to cover all the bells and whistles of this topic, so feel free to add your own preferred tools and commands to this article using the comment form below. Questions and other comments are also welcome.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/rhcsa-exam-boot-process-and-process-management/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/dmesg-commands/
[2]:http://www.tecmint.com/systemd-replaces-init-in-linux/
[3]:http://www.tecmint.com/how-to-kill-a-process-in-linux/

269
sources/tech/RHCSA Series/RHCSA Series--Part 06--Using 'Parted' and 'SSM' to Configure and Encrypt System Storage.md Normal file
View File

@ -0,0 +1,269 @@
RHCSA Series: Using Parted and SSM to Configure and Encrypt System Storage Part 6
================================================================================
In this article we will discuss how to set up and configure local system storage in Red Hat Enterprise Linux 7 using classic tools and introducing the System Storage Manager (also known as SSM), which greatly simplifies this task.
![Configure and Encrypt System Storage](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-and-Encrypt-System-Storage.png)
RHCSA: Configure and Encrypt System Storage Part 6
Please note that we will present this topic in this article but will continue its description and usage on the next one (Part 7) due to vastness of the subject.
### Creating and Modifying Partitions in RHEL 7 ###
In RHEL 7, parted is the default utility to work with partitions, and will allow you to:
- Display the current partition table
- Manipulate (increase or decrease the size of) existing partitions
- Create partitions using free space or additional physical storage devices
It is recommended that before attempting the creation of a new partition or the modification of an existing one, you should ensure that none of the partitions on the device are in use (`umount /dev/partition`), and if youre using part of the device as swap you need to disable it (`swapoff -v /dev/partition`) during the process.
The easiest way to do this is to boot RHEL in rescue mode using an installation media such as a RHEL 7 installation DVD or USB (Troubleshooting → Rescue a Red Hat Enterprise Linux system) and Select Skip when youre prompted to choose an option to mount the existing Linux installation, and you will be presented with a command prompt where you can start typing the same commands as shown as follows during the creation of an ordinary partition in a physical device that is not being used.
![RHEL 7 Rescue Mode](http://www.tecmint.com/wp-content/uploads/2015/04/RHEL-7-Rescue-Mode.png)
RHEL 7 Rescue Mode
To start parted, simply type.
# parted /dev/sdb
Where `/dev/sdb` is the device where you will create the new partition; next, type print to display the current drives partition table:
![Creat New Partition](http://www.tecmint.com/wp-content/uploads/2015/04/Create-New-Partition.png)
Creat New Partition
As you can see, in this example we are using a virtual drive of 5 GB. We will now proceed to create a 4 GB primary partition and then format it with the xfs filesystem, which is the default in RHEL 7.
You can choose from a variety of file systems. You will need to manually create the partition with mkpart and then format it with mkfs.fstype as usual because mkpart does not support many modern filesystems out-of-the-box.
In the following example we will set a label for the device and then create a primary partition `(p)` on `/dev/sdb`, which starts at the 0% percentage of the device and ends at 4000 MB (4 GB):
![Set Partition Name in Linux](http://www.tecmint.com/wp-content/uploads/2015/04/Label-Partition.png)
Label Partition Name
Next, we will format the partition as xfs and print the partition table again to verify that changes were applied:
# mkfs.xfs /dev/sdb1
# parted /dev/sdb print
![Format Partition in Linux](http://www.tecmint.com/wp-content/uploads/2015/04/Format-Partition-in-Linux.png)
Format Partition as XFS Filesystem
For older filesystems, you could use the resize command in parted to resize a partition. Unfortunately, this only applies to ext2, fat16, fat32, hfs, linux-swap, and reiserfs (if libreiserfs is installed).
Thus, the only way to resize a partition is by deleting it and creating it again (so make sure you have a good backup of your data!). No wonder the default partitioning scheme in RHEL 7 is based on LVM.
To remove a partition with parted:
# parted /dev/sdb print
# parted /dev/sdb rm 1
![Remove Partition in Linux](http://www.tecmint.com/wp-content/uploads/2015/04/Remove-Partition-in-Linux.png)
Remove or Delete Partition
### The Logical Volume Manager (LVM) ###
Once a disk has been partitioned, it can be difficult or risky to change the partition sizes. For that reason, if we plan on resizing the partitions on our system, we should consider the possibility of using LVM instead of the classic partitioning system, where several physical devices can form a volume group that will host a defined number of logical volumes, which can be expanded or reduced without any hassle.
In simple terms, you may find the following diagram useful to remember the basic architecture of LVM.
![Basic Architecture of LVM](http://www.tecmint.com/wp-content/uploads/2015/04/LVM-Diagram.png)
Basic Architecture of LVM
#### Creating Physical Volumes, Volume Group and Logical Volumes ####
Follow these steps in order to set up LVM using classic volume management tools. Since you can expand this topic reading the [LVM series on this site][1], I will only outline the basic steps to set up LVM, and then compare them to implementing the same functionality with SSM.
**Note**: That we will use the whole disks `/dev/sdb` and `/dev/sdc` as PVs (Physical Volumes) but its entirely up to you if you want to do the same.
**1. Create partitions `/dev/sdb1` and `/dev/sdc1` using 100% of the available disk space in /dev/sdb and /dev/sdc:**
# parted /dev/sdb print
# parted /dev/sdc print
![Create New Partitions](http://www.tecmint.com/wp-content/uploads/2015/04/Create-New-Partitions.png)
Create New Partitions
**2. Create 2 physical volumes on top of /dev/sdb1 and /dev/sdc1, respectively.**
# pvcreate /dev/sdb1
# pvcreate /dev/sdc1
![Create Two Physical Volumes](http://www.tecmint.com/wp-content/uploads/2015/04/Create-Physical-Volumes.png)
Create Two Physical Volumes
Remember that you can use pvdisplay /dev/sd{b,c}1 to show information about the newly created PVs.
**3. Create a VG on top of the PV that you created in the previous step:**
# vgcreate tecmint_vg /dev/sd{b,c}1
![Create Volume Group in Linux](http://www.tecmint.com/wp-content/uploads/2015/04/Create-Volume-Group.png)
Create Volume Group
Remember that you can use vgdisplay tecmint_vg to show information about the newly created VG.
**4. Create three logical volumes on top of VG tecmint_vg, as follows:**
# lvcreate -L 3G -n vol01_docs tecmint_vg [vol01_docs → 3 GB]
# lvcreate -L 1G -n vol02_logs tecmint_vg [vol02_logs → 1 GB]
# lvcreate -l 100%FREE -n vol03_homes tecmint_vg [vol03_homes → 6 GB]
![Create Logical Volumes in LVM](http://www.tecmint.com/wp-content/uploads/2015/04/Create-Logical-Volumes.png)
Create Logical Volumes
Remember that you can use lvdisplay tecmint_vg to show information about the newly created LVs on top of VG tecmint_vg.
**5. Format each of the logical volumes with xfs (do NOT use xfs if youre planning on shrinking volumes later!):**
# mkfs.xfs /dev/tecmint_vg/vol01_docs
# mkfs.xfs /dev/tecmint_vg/vol02_logs
# mkfs.xfs /dev/tecmint_vg/vol03_homes
**6. Finally, mount them:**
# mount /dev/tecmint_vg/vol01_docs /mnt/docs
# mount /dev/tecmint_vg/vol02_logs /mnt/logs
# mount /dev/tecmint_vg/vol03_homes /mnt/homes
#### Removing Logical Volumes, Volume Group and Physical Volumes ####
**7. Now we will reverse the LVM implementation and remove the LVs, the VG, and the PVs:**
# lvremove /dev/tecmint_vg/vol01_docs
# lvremove /dev/tecmint_vg/vol02_logs
# lvremove /dev/tecmint_vg/vol03_homes
# vgremove /dev/tecmint_vg
# pvremove /dev/sd{b,c}1
**8. Now lets install SSM and we will see how to perform the above in ONLY 1 STEP!**
# yum update && yum install system-storage-manager
We will use the same names and sizes as before:
# ssm create -s 3G -n vol01_docs -p tecmint_vg --fstype ext4 /mnt/docs /dev/sd{b,c}1
# ssm create -s 1G -n vol02_logs -p tecmint_vg --fstype ext4 /mnt/logs /dev/sd{b,c}1
# ssm create -n vol03_homes -p tecmint_vg --fstype ext4 /mnt/homes /dev/sd{b,c}1
Yes! SSM will let you:
- initialize block devices as physical volumes
- create a volume group
- create logical volumes
- format LVs, and
- mount them using only one command
**9. We can now display the information about PVs, VGs, or LVs, respectively, as follows:**
# ssm list dev
# ssm list pool
# ssm list vol
![Check Information of PVs, VGs, or LVs](http://www.tecmint.com/wp-content/uploads/2015/04/Display-LVM-Information.png)
Check Information of PVs, VGs, or LVs
**10. As we already know, one of the distinguishing features of LVM is the possibility to resize (expand or decrease) logical volumes without downtime.**
Say we are running out of space in vol02_logs but have plenty of space in vol03_homes. We will resize vol03_homes to 4 GB and expand vol02_logs to use the remaining space:
# ssm resize -s 4G /dev/tecmint_vg/vol03_homes
Run ssm list pool again and take note of the free space in tecmint_vg:
![Check Volume Size](http://www.tecmint.com/wp-content/uploads/2015/04/Check-LVM-Free-Space.png)
Check Volume Size
Then do:
# ssm resize -s+1.99 /dev/tecmint_vg/vol02_logs
**Note**: that the plus sign after the -s flag indicates that the specified value should be added to the present value.
**11. Removing logical volumes and volume groups is much easier with ssm as well. A simple,**
# ssm remove tecmint_vg
will return a prompt asking you to confirm the deletion of the VG and the LVs it contains:
![Remove Logical Volume and Volume Group](http://www.tecmint.com/wp-content/uploads/2015/04/Remove-LV-VG.png)
Remove Logical Volume and Volume Group
### Managing Encrypted Volumes ###
SSM also provides system administrators with the capability of managing encryption for new or existing volumes. You will need the cryptsetup package installed first:
# yum update && yum install cryptsetup
Then issue the following command to create an encrypted volume. You will be prompted to enter a passphrase to maximize security:
# ssm create -s 3G -n vol01_docs -p tecmint_vg --fstype ext4 --encrypt luks /mnt/docs /dev/sd{b,c}1
# ssm create -s 1G -n vol02_logs -p tecmint_vg --fstype ext4 --encrypt luks /mnt/logs /dev/sd{b,c}1
# ssm create -n vol03_homes -p tecmint_vg --fstype ext4 --encrypt luks /mnt/homes /dev/sd{b,c}1
Our next task consists in adding the corresponding entries in /etc/fstab in order for those logical volumes to be available on boot. Rather than using the device identifier (/dev/something).
We will use each LVs UUID (so that our devices will still be uniquely identified should we add other logical volumes or devices), which we can find out with the blkid utility:
# blkid -o value UUID /dev/tecmint_vg/vol01_docs
# blkid -o value UUID /dev/tecmint_vg/vol02_logs
# blkid -o value UUID /dev/tecmint_vg/vol03_homes
In our case:
![Find Logical Volume UUID](http://www.tecmint.com/wp-content/uploads/2015/04/Logical-Volume-UUID.png)
Find Logical Volume UUID
Next, create the /etc/crypttab file with the following contents (change the UUIDs for the ones that apply to your setup):
docs UUID=ba77d113-f849-4ddf-8048-13860399fca8 none
logs UUID=58f89c5a-f694-4443-83d6-2e83878e30e4 none
homes UUID=92245af6-3f38-4e07-8dd8-787f4690d7ac none
And insert the following entries in /etc/fstab. Note that device_name (/dev/mapper/device_name) is the mapper identifier that appears in the first column of /etc/crypttab.
# Logical volume vol01_docs:
/dev/mapper/docs /mnt/docs ext4 defaults 0 2
# Logical volume vol02_logs
/dev/mapper/logs /mnt/logs ext4 defaults 0 2
# Logical volume vol03_homes
/dev/mapper/homes /mnt/homes ext4 defaults 0 2
Now reboot (systemctl reboot) and you will be prompted to enter the passphrase for each LV. Afterwards you can confirm that the mount operation was successful by checking the corresponding mount points:
![Verify Logical Volume Mount Points](http://www.tecmint.com/wp-content/uploads/2015/04/Verify-LV-Mount-Points.png)
Verify Logical Volume Mount Points
### Conclusion ###
In this tutorial we have started to explore how to set up and configure system storage using classic volume management tools and SSM, which also integrates filesystem and encryption capabilities in one package. This makes SSM an invaluable tool for any sysadmin.
Let us know if you have any questions or comments feel free to use the form below to get in touch with us!
--------------------------------------------------------------------------------
via: http://www.tecmint.com/rhcsa-exam-create-format-resize-delete-and-encrypt-partitions-in-linux/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/create-lvm-storage-in-linux/

212
sources/tech/RHCSA Series/RHCSA Series--Part 07--Using ACLs (Access Control Lists) and Mounting Samba or NFS Shares.md Normal file
View File

@ -0,0 +1,212 @@
RHCSA Series: Using ACLs (Access Control Lists) and Mounting Samba / NFS Shares Part 7
================================================================================
In the last article ([RHCSA series Part 6][1]) we started explaining how to set up and configure local system storage using parted and ssm.
![Configure ACL's and Mounting NFS / Samba Shares](http://www.tecmint.com/wp-content/uploads/2015/04/Configure-ACLs-and-Mounting-NFS-Samba-Shares.png)
RHCSA Series:: Configure ACLs and Mounting NFS / Samba Shares Part 7
We also discussed how to create and mount encrypted volumes with a password during system boot. In addition, we warned you to avoid performing critical storage management operations on mounted filesystems. With that in mind we will now review the most used file system formats in Red Hat Enterprise Linux 7 and then proceed to cover the topics of mounting, using, and unmounting both manually and automatically network filesystems (CIFS and NFS), along with the implementation of access control lists for your system.
#### Prerequisites ####
Before proceeding further, please make sure you have a Samba server and a NFS server available (note that NFSv2 is no longer supported in RHEL 7).
During this guide we will use a machine with IP 192.168.0.10 with both services running in it as server, and a RHEL 7 box as client with IP address 192.168.0.18. Later in the article we will tell you which packages you need to install on the client.
### File System Formats in RHEL 7 ###
Beginning with RHEL 7, XFS has been introduced as the default file system for all architectures due to its high performance and scalability. It currently supports a maximum filesystem size of 500 TB as per the latest tests performed by Red Hat and its partners for mainstream hardware.
Also, XFS enables user_xattr (extended user attributes) and acl (POSIX access control lists) as default mount options, unlike ext3 or ext4 (ext2 is considered deprecated as of RHEL 7), which means that you dont need to specify those options explicitly either on the command line or in /etc/fstab when mounting a XFS filesystem (if you want to disable such options in this last case, you have to explicitly use no_acl and no_user_xattr).
Keep in mind that the extended user attributes can be assigned to files and directories for storing arbitrary additional information such as the mime type, character set or encoding of a file, whereas the access permissions for user attributes are defined by the regular file permission bits.
#### Access Control Lists ####
As every system administrator, either beginner or expert, is well acquainted with regular access permissions on files and directories, which specify certain privileges (read, write, and execute) for the owner, the group, and “the world” (all others). However, feel free to refer to [Part 3 of the RHCSA series][2] if you need to refresh your memory a little bit.
However, since the standard ugo/rwx set does not allow to configure different permissions for different users, ACLs were introduced in order to define more detailed access rights for files and directories than those specified by regular permissions.
In fact, ACL-defined permissions are a superset of the permissions specified by the file permission bits. Lets see how all of this translates is applied in the real world.
1. There are two types of ACLs: access ACLs, which can be applied to either a specific file or a directory), and default ACLs, which can only be applied to a directory. If files contained therein do not have a ACL set, they inherit the default ACL of their parent directory.
2. To begin, ACLs can be configured per user, per group, or per an user not in the owning group of a file.
3. ACLs are set (and removed) using setfacl, with either the -m or -x options, respectively.
For example, let us create a group named tecmint and add users johndoe and davenull to it:
# groupadd tecmint
# useradd johndoe
# useradd davenull
# usermod -a -G tecmint johndoe
# usermod -a -G tecmint davenull
And lets verify that both users belong to supplementary group tecmint:
# id johndoe
# id davenull
![Verify Users](http://www.tecmint.com/wp-content/uploads/2015/04/Verify-Users.png)
Verify Users
Lets now create a directory called playground within /mnt, and a file named testfile.txt inside. We will set the group owner to tecmint and change its default ugo/rwx permissions to 770 (read, write, and execute permissions granted to both the owner and the group owner of the file):
# mkdir /mnt/playground
# touch /mnt/playground/testfile.txt
# chmod 770 /mnt/playground/testfile.txt
Then switch user to johndoe and davenull, in that order, and write to the file:
echo "My name is John Doe" > /mnt/playground/testfile.txt
echo "My name is Dave Null" >> /mnt/playground/testfile.txt
So far so good. Now lets have user gacanepa write to the file and the write operation will, which was to be expected.
But what if we actually need user gacanepa (who is not a member of group tecmint) to have write permissions on /mnt/playground/testfile.txt? The first thing that may come to your mind is adding that user account to group tecmint. But that will give him write permissions on ALL files were the write bit is set for the group, and we dont want that. We only want him to be able to write to /mnt/playground/testfile.txt.
# touch /mnt/playground/testfile.txt
# chown :tecmint /mnt/playground/testfile.txt
# chmod 777 /mnt/playground/testfile.txt
# su johndoe
$ echo "My name is John Doe" > /mnt/playground/testfile.txt
$ su davenull
$ echo "My name is Dave Null" >> /mnt/playground/testfile.txt
$ su gacanepa
$ echo "My name is Gabriel Canepa" >> /mnt/playground/testfile.txt
![Manage User Permissions](http://www.tecmint.com/wp-content/uploads/2015/04/User-Permissions.png)
Manage User Permissions
Lets give user gacanepa read and write access to /mnt/playground/testfile.txt.
Run as root,
# setfacl -R -m u:gacanepa:rwx /mnt/playground
and youll have successfully added an ACL that allows gacanepa to write to the test file. Then switch to user gacanepa and try to write to the file again:
$ echo "My name is Gabriel Canepa" >> /mnt/playground/testfile.txt
To view the ACLs for a specific file or directory, use getfacl:
# getfacl /mnt/playground/testfile.txt
![Check ACLs of Files](http://www.tecmint.com/wp-content/uploads/2015/04/Check-ACL-of-File.png)
Check ACLs of Files
To set a default ACL to a directory (which its contents will inherit unless overwritten otherwise), add d: before the rule and specify a directory instead of a file name:
# setfacl -m d:o:r /mnt/playground
The ACL above will allow users not in the owner group to have read access to the future contents of the /mnt/playground directory. Note the difference in the output of getfacl /mnt/playground before and after the change:
![Set Default ACL in Linux](http://www.tecmint.com/wp-content/uploads/2015/04/Set-Default-ACL-in-Linux.png)
Set Default ACL in Linux
[Chapter 20 in the official RHEL 7 Storage Administration Guide][3] provides more ACL examples, and I highly recommend you take a look at it and have it handy as reference.
#### Mounting NFS Network Shares ####
To show the list of NFS shares available in your server, you can use the showmount command with the -e option, followed by the machine name or its IP address. This tool is included in the nfs-utils package:
# yum update && yum install nfs-utils
Then do:
# showmount -e 192.168.0.10
and you will get a list of the available NFS shares on 192.168.0.10:
![Check Available NFS Shares](http://www.tecmint.com/wp-content/uploads/2015/04/Mount-NFS-Shares.png)
Check Available NFS Shares
To mount NFS network shares on the local client using the command line on demand, use the following syntax:
# mount -t nfs -o [options] remote_host:/remote/directory /local/directory
which, in our case, translates to:
# mount -t nfs 192.168.0.10:/NFS-SHARE /mnt/nfs
If you get the following error message: “Job for rpc-statd.service failed. See “systemctl status rpc-statd.service” and “journalctl -xn” for details.”, make sure the rpcbind service is enabled and started in your system first:
# systemctl enable rpcbind.socket
# systemctl restart rpcbind.service
and then reboot. That should do the trick and you will be able to mount your NFS share as explained earlier. If you need to mount the NFS share automatically on system boot, add a valid entry to the /etc/fstab file:
remote_host:/remote/directory /local/directory nfs options 0 0
The variables remote_host, /remote/directory, /local/directory, and options (which is optional) are the same ones used when manually mounting an NFS share from the command line. As per our previous example:
192.168.0.10:/NFS-SHARE /mnt/nfs nfs defaults 0 0
#### Mounting CIFS (Samba) Network Shares ####
Samba represents the tool of choice to make a network share available in a network with *nix and Windows machines. To show the Samba shares that are available, use the smbclient command with the -L flag, followed by the machine name or its IP address. This tool is included in the samba-client package:
You will be prompted for roots password in the remote host:
# smbclient -L 192.168.0.10
![Check Samba Shares](http://www.tecmint.com/wp-content/uploads/2015/04/Check-Samba-Shares.png)
Check Samba Shares
To mount Samba network shares on the local client you will need to install first the cifs-utils package:
# yum update && yum install cifs-utils
Then use the following syntax on the command line:
# mount -t cifs -o credentials=/path/to/credentials/file //remote_host/samba_share /local/directory
which, in our case, translates to:
# mount -t cifs -o credentials=~/.smbcredentials //192.168.0.10/gacanepa /mnt/samba
where smbcredentials:
username=gacanepa
password=XXXXXX
is a hidden file inside roots home (/root/) with permissions set to 600, so that no one else but the owner of the file can read or write to it.
Please note that the samba_share is the name of the Samba share as returned by smbclient -L remote_host as shown above.
Now, if you need the Samba share to be available automatically on system boot, add a valid entry to the /etc/fstab file as follows:
//remote_host:/samba_share /local/directory cifs options 0 0
The variables remote_host, /samba_share, /local/directory, and options (which is optional) are the same ones used when manually mounting a Samba share from the command line. Following the definitions given in our previous example:
//192.168.0.10/gacanepa /mnt/samba cifs credentials=/root/smbcredentials,defaults 0 0
### Conclusion ###
In this article we have explained how to set up ACLs in Linux, and discussed how to mount CIFS and NFS network shares in a RHEL 7 client.
I recommend you to practice these concepts and even mix them (go ahead and try to set ACLs in mounted network shares) until you feel comfortable. If you have questions or comments feel free to use the form below to contact us anytime. Also, feel free to share this article through your social networks.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/rhcsa-exam-configure-acls-and-mount-nfs-samba-shares/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/rhcsa-exam-create-format-resize-delete-and-encrypt-partitions-in-linux/
[2]:http://www.tecmint.com/rhcsa-exam-manage-users-and-groups/
[3]:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Storage_Administration_Guide/ch-acls.html

215
sources/tech/RHCSA Series/RHCSA Series--Part 08--Securing SSH, Setting Hostname and Enabling Network Services.md Normal file
View File

@ -0,0 +1,215 @@
RHCSA Series: Securing SSH, Setting Hostname and Enabling Network Services Part 8
================================================================================
As a system administrator you will often have to log on to remote systems to perform a variety of administration tasks using a terminal emulator. You will rarely sit in front of a real (physical) terminal, so you need to set up a way to log on remotely to the machines that you will be asked to manage.
In fact, that may be the last thing that you will have to do in front of a physical terminal. For security reasons, using Telnet for this purpose is not a good idea, as all traffic goes through the wire in unencrypted, plain text.
In addition, in this article we will also review how to configure network services to start automatically at boot and learn how to set up network and hostname resolution statically or dynamically.
![RHCSA: Secure SSH and Enable Network Services](http://www.tecmint.com/wp-content/uploads/2015/05/Secure-SSH-Server-and-Enable-Network-Services.png)
RHCSA: Secure SSH and Enable Network Services Part 8
### Installing and Securing SSH Communication ###
For you to be able to log on remotely to a RHEL 7 box using SSH, you will have to install the openssh, openssh-clients and openssh-servers packages. The following command not only will install the remote login program, but also the secure file transfer tool, as well as the remote file copy utility:
# yum update && yum install openssh openssh-clients openssh-servers
Note that its a good idea to install the server counterparts as you may want to use the same machine as both client and server at some point or another.
After installation, there is a couple of basic things that you need to take into account if you want to secure remote access to your SSH server. The following settings should be present in the `/etc/ssh/sshd_config` file.
1. Change the port where the sshd daemon will listen on from 22 (the default value) to a high port (2000 or greater), but first make sure the chosen port is not being used.
For example, lets suppose you choose port 2500. Use [netstat][1] in order to check whether the chosen port is being used or not:
# netstat -npltu | grep 2500
If netstat does not return anything, you can safely use port 2500 for sshd, and you should change the Port setting in the configuration file as follows:
Port 2500
2. Only allow protocol 2:
Protocol 2
3. Configure the authentication timeout to 2 minutes, do not allow root logins, and restrict to a minimum the list of users which are allowed to login via ssh:
LoginGraceTime 2m
PermitRootLogin no
AllowUsers gacanepa
4. If possible, use key-based instead of password authentication:
PasswordAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
This assumes that you have already created a key pair with your user name on your client machine and copied it to your server as explained here.
- [Enable SSH Passwordless Login][2]
### Configuring Networking and Name Resolution ###
1. Every system administrator should be well acquainted with the following system-wide configuration files:
- /etc/hosts is used to resolve names <---> IPs in small networks.
Every line in the `/etc/hosts` file has the following structure:
IP address - Hostname - FQDN
For example,
192.168.0.10 laptop laptop.gabrielcanepa.com.ar
2. `/etc/resolv.conf` specifies the IP addresses of DNS servers and the search domain, which is used for completing a given query name to a fully qualified domain name when no domain suffix is supplied.
Under normal circumstances, you dont need to edit this file as it is managed by the system. However, should you want to change DNS servers, be advised that you need to stick to the following structure in each line:
nameserver - IP address
For example,
nameserver 8.8.8.8
3. 3. `/etc/host.conf` specifies the methods and the order by which hostnames are resolved within a network. In other words, tells the name resolver which services to use, and in what order.
Although this file has several options, the most common and basic setup includes a line as follows:
order bind,hosts
Which indicates that the resolver should first look in the nameservers specified in `resolv.conf` and then to the `/etc/hosts` file for name resolution.
4. `/etc/sysconfig/network` contains routing and global host information for all network interfaces. The following values may be used:
NETWORKING=yes|no
HOSTNAME=value
Where value should be the Fully Qualified Domain Name (FQDN).
GATEWAY=XXX.XXX.XXX.XXX
Where XXX.XXX.XXX.XXX is the IP address of the networks gateway.
GATEWAYDEV=value
In a machine with multiple NICs, value is the gateway device, such as enp0s3.
5. Files inside `/etc/sysconfig/network-scripts` (network adapters configuration files).
Inside the directory mentioned previously, you will find several plain text files named.
ifcfg-name
Where name is the name of the NIC as returned by ip link show:
![Check Network Link Status](http://www.tecmint.com/wp-content/uploads/2015/05/Check-IP-Address.png)
Check Network Link Status
For example:
![Network Files](http://www.tecmint.com/wp-content/uploads/2015/05/Network-Files.png)
Network Files
Other than for the loopback interface, you can expect a similar configuration for your NICs. Note that some variables, if set, will override those present in `/etc/sysconfig/network` for this particular interface. Each line is commented for clarification in this article but in the actual file you should avoid comments:
HWADDR=08:00:27:4E:59:37 # The MAC address of the NIC
TYPE=Ethernet # Type of connection
BOOTPROTO=static # This indicates that this NIC has been assigned a static IP. If this variable was set to dhcp, the NIC will be assigned an IP address by a DHCP server and thus the next two lines should not be present in that case.
IPADDR=192.168.0.18
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
NM_CONTROLLED=no # Should be added to the Ethernet interface to prevent NetworkManager from changing the file.
NAME=enp0s3
UUID=14033805-98ef-4049-bc7b-d4bea76ed2eb
ONBOOT=yes # The operating system should bring up this NIC during boot
### Setting Hostnames ###
In Red Hat Enterprise Linux 7, the hostnamectl command is used to both query and set the systems hostname.
To display the current hostname, type:
# hostnamectl status
![Check System hostname in CentOS 7](http://www.tecmint.com/wp-content/uploads/2015/05/Check-System-hostname.png)
Check System Hostname
To change the hostname, use
# hostnamectl set-hostname [new hostname]
For example,
# hostnamectl set-hostname cinderella
For the changes to take effect you will need to restart the hostnamed daemon (that way you will not have to log off and on again in order to apply the change):
# systemctl restart systemd-hostnamed
![Set System Hostname in CentOS 7](http://www.tecmint.com/wp-content/uploads/2015/05/Set-System-Hostname.png)
Set System Hostname
In addition, RHEL 7 also includes the nmcli utility that can be used for the same purpose. To display the hostname, run:
# nmcli general hostname
and to change it:
# nmcli general hostname [new hostname]
For example,
# nmcli general hostname rhel7
![Set Hostname Using nmcli Command](http://www.tecmint.com/wp-content/uploads/2015/05/nmcli-command.png)
Set Hostname Using nmcli Command
### Starting Network Services on Boot ###
To wrap up, let us see how we can ensure that network services are started automatically on boot. In simple terms, this is done by creating symlinks to certain files specified in the [Install] section of the service configuration files.
In the case of firewalld (/usr/lib/systemd/system/firewalld.service):
[Install]
WantedBy=basic.target
Alias=dbus-org.fedoraproject.FirewallD1.service
To enable the service:
# systemctl enable firewalld
On the other hand, disabling firewalld entitles removing the symlinks:
# systemctl disable firewalld
![Enable Service at System Boot](http://www.tecmint.com/wp-content/uploads/2015/05/Enable-Service-at-System-Boot.png)
Enable Service at System Boot
### Conclusion ###
In this article we have summarized how to install and secure connections via SSH to a RHEL server, how to change its name, and finally how to ensure that network services are started on boot. If you notice that a certain service has failed to start properly, you can use systemctl status -l [service] and journalctl -xn to troubleshoot it.
Feel free to let us know what you think about this article using the comment form below. Questions are also welcome. We look forward to hearing from you!
--------------------------------------------------------------------------------
via: http://www.tecmint.com/rhcsa-series-secure-ssh-set-hostname-enable-network-services-in-rhel-7/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/20-netstat-commands-for-linux-network-management/
[2]:http://www.tecmint.com/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps/

176
sources/tech/RHCSA Series/RHCSA Series--Part 09--Installing, Configuring and Securing a Web and FTP Server.md Normal file
View File

@ -0,0 +1,176 @@
RHCSA Series: Installing, Configuring and Securing a Web and FTP Server Part 9
================================================================================
A web server (also known as a HTTP server) is a service that handles content (most commonly web pages, but other types of documents as well) over to a client in a network.
A FTP server is one of the oldest and most commonly used resources (even to this day) to make files available to clients on a network in cases where no authentication is necessary since FTP uses username and password without encryption.
The web server available in RHEL 7 is version 2.4 of the Apache HTTP Server. As for the FTP server, we will use the Very Secure Ftp Daemon (aka vsftpd) to establish connections secured by TLS.
![Configuring and Securing Apache and FTP Server](http://www.tecmint.com/wp-content/uploads/2015/05/Install-Configure-Secure-Apache-FTP-Server.png)
RHCSA: Installing, Configuring and Securing Apache and FTP Part 9
In this article we will explain how to install, configure, and secure a web server and a FTP server in RHEL 7.
### Installing Apache and FTP Server ###
In this guide we will use a RHEL 7 server with a static IP address of 192.168.0.18/24. To install Apache and VSFTPD, run the following command:
# yum update && yum install httpd vsftpd
When the installation completes, both services will be disabled initially, so we need to start them manually for the time being and enable them to start automatically beginning with the next boot:
# systemctl start httpd
# systemctl enable httpd
# systemctl start vsftpd
# systemctl enable vsftpd
In addition, we have to open ports 80 and 21, where the web and ftp daemons are listening, respectively, in order to allow access to those services from the outside:
# firewall-cmd --zone=public --add-port=80/tcp --permanent
# firewall-cmd --zone=public --add-service=ftp --permanent
# firewall-cmd --reload
To confirm that the web server is working properly, fire up your browser and enter the IP of the server. You should see the test page:
![Confirm Apache Web Server](http://www.tecmint.com/wp-content/uploads/2015/05/Confirm-Apache-Web-Server.png)
Confirm Apache Web Server
As for the ftp server, we will have to configure it further, which we will do in a minute, before confirming that its working as expected.
### Configuring and Securing Apache Web Server ###
The main configuration file for Apache is located in `/etc/httpd/conf/httpd.conf`, but it may rely on other files present inside `/etc/httpd/conf.d`.
Although the default configuration should be sufficient for most cases, its a good idea to become familiar with all the available options as described in the [official documentation][1].
As always, make a backup copy of the main configuration file before editing it:
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.$(date +%Y%m%d)
Then open it with your preferred text editor and look for the following variables:
- ServerRoot: the directory where the servers configuration, error, and log files are kept.
- Listen: instructs Apache to listen on specific IP address and / or ports.
- Include: allows the inclusion of other configuration files, which must exist. Otherwise, the server will fail, as opposed to the IncludeOptional directive, which is silently ignored if the specified configuration files do not exist.
- User and Group: the name of the user/group to run the httpd service as.
- DocumentRoot: The directory out of which Apache will serve your documents. By default, all requests are taken from this directory, but symbolic links and aliases may be used to point to other locations.
- ServerName: this directive sets the hostname (or IP address) and port that the server uses to identify itself.
The first security measure will consist of creating a dedicated user and group (i.e. tecmint/tecmint) to run the web server as and changing the default port to a higher one (9000 in this case):
ServerRoot "/etc/httpd"
Listen 192.168.0.18:9000
User tecmint
Group tecmint
DocumentRoot "/var/www/html"
ServerName 192.168.0.18:9000
You can test the configuration file with.
# apachectl configtest
and if everything is OK, then restart the web server.
# systemctl restart httpd
and dont forget to enable the new port (and disable the old one) in the firewall:
# firewall-cmd --zone=public --remove-port=80/tcp --permanent
# firewall-cmd --zone=public --add-port=9000/tcp --permanent
# firewall-cmd --reload
Note that, due to SELinux policies, you can only use the ports returned by
# semanage port -l | grep -w '^http_port_t'
for the web server.
If you want to use another port (i.e. TCP port 8100), you will have to add it to SELinux port context for the httpd service:
# semanage port -a -t http_port_t -p tcp 8100
![Add Apache Port to SELinux Policies](http://www.tecmint.com/wp-content/uploads/2015/05/Add-Apache-Port-to-SELinux-Policies.png)
Add Apache Port to SELinux Policies
To further secure your Apache installation, follow these steps:
1. The user Apache is running as should not have access to a shell:
# usermod -s /sbin/nologin tecmint
2. Disable directory listing in order to prevent the browser from displaying the contents of a directory if there is no index.html present in that directory.
Edit `/etc/httpd/conf/httpd.conf` (and the configuration files for virtual hosts, if any) and make sure that the Options directive, both at the top and at Directory block levels, is set to None:
Options None
3. Hide information about the web server and the operating system in HTTP responses. Edit /etc/httpd/conf/httpd.conf as follows:
ServerTokens Prod
ServerSignature Off
Now you are ready to start serving content from your /var/www/html directory.
### Configuring and Securing FTP Server ###
As in the case of Apache, the main configuration file for Vsftpd `(/etc/vsftpd/vsftpd.conf)` is well commented and while the default configuration should suffice for most applications, you should become acquainted with the documentation and the man page `(man vsftpd.conf)` in order to operate the ftp server more efficiently (I cant emphasize that enough!).
In our case, these are the directives used:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
allow_writeable_chroot=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
By using `chroot_local_user=YES`, local users will be (by default) placed in a chrooted jail in their home directory right after login. This means that local users will not be able to access any files outside their corresponding home directories.
Finally, to allow ftp to read files in the users home directory, set the following SELinux boolean:
# setsebool -P ftp_home_dir on
You can now connect to the ftp server using a client such as Filezilla:
![Check FTP Connection](http://www.tecmint.com/wp-content/uploads/2015/05/Check-FTP-Connection.png)
Check FTP Connection
Note that the `/var/log/xferlo`g log records downloads and uploads, which concur with the above directory listing:
![Monitor FTP Download and Upload](http://www.tecmint.com/wp-content/uploads/2015/05/Monitor-FTP-Download-Upload.png)
Monitor FTP Download and Upload
Read Also: [Limit FTP Network Bandwidth Used by Applications in a Linux System with Trickle][2]
### Summary ###
In this tutorial we have explained how to set up a web and a ftp server. Due to the vastness of the subject, it is not possible to cover all the aspects of these topics (i.e. virtual web hosts). Thus, I recommend you also check other excellent articles in this website about [Apache][3].
--------------------------------------------------------------------------------
via: http://www.tecmint.com/rhcsa-series-install-and-secure-apache-web-server-and-ftp-in-rhel/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://httpd.apache.org/docs/2.4/
[2]:http://www.tecmint.com/manage-and-limit-downloadupload-bandwidth-with-trickle-in-linux/
[3]:http://www.google.com/cse?cx=partner-pub-2601749019656699:2173448976&ie=UTF-8&q=virtual+hosts&sa=Search&gws_rd=cr&ei=Dy9EVbb0IdHisASnroG4Bw#gsc.tab=0&gsc.q=apache

197
sources/tech/RHCSA Series/RHCSA Series--Part 10--Yum Package Management, Automating Tasks with Cron and Monitoring System Logs.md Normal file
View File

@ -0,0 +1,197 @@
RHCSA Series: Yum Package Management, Automating Tasks with Cron and Monitoring System Logs Part 10
================================================================================
In this article we will review how to install, update, and remove packages in Red Hat Enterprise Linux 7. We will also cover how to automate tasks using cron, and will finish this guide explaining how to locate and interpret system logs files with the focus of teaching you why all of these are essential skills for every system administrator.
![Yum Package Management Cron Jobs Log Monitoring Linux](http://www.tecmint.com/wp-content/uploads/2015/05/Yum-Package-Management-Cron-Job-Log-Monitoring-Linux.jpg)
RHCSA: Yum Package Management, Cron Job Scheduling and Log Monitoring Part 10
### Managing Packages Via Yum ###
To install a package along with all its dependencies that are not already installed, you will use:
# yum -y install package_name(s)
Where package_name(s) represent at least one real package name.
For example, to install httpd and mlocate (in that order), type.
# yum -y install httpd mlocate
**Note**: That the letter y in the example above bypasses the confirmation prompts that yum presents before performing the actual download and installation of the requested programs. You can leave it out if you want.
By default, yum will install the package with the architecture that matches the OS architecture, unless overridden by appending the package architecture to its name.
For example, on a 64 bit system, yum install package will install the x86_64 version of package, whereas yum install package.x86 (if available) will install the 32-bit one.
There will be times when you want to install a package but dont know its exact name. The search all or search options can search the currently enabled repositories for a certain keyword in the package name and/or in its description as well, respectively.
For example,
# yum search log
will search the installed repositories for packages with the word log in their names and summaries, whereas
# yum search all log
will look for the same keyword in the package description and url fields as well.
Once the search returns a package listing, you may want to display further information about some of them before installing. That is when the info option will come in handy:
# yum info logwatch
![Search Package Information](http://www.tecmint.com/wp-content/uploads/2015/05/Search-Package-Information.png)
Search Package Information
You can regularly check for updates with the following command:
# yum check-update
The above command will return all the installed packages for which an update is available. In the example shown in the image below, only rhel-7-server-rpms has an update available:
![Check For Package Updates](http://www.tecmint.com/wp-content/uploads/2015/05/Check-For-Updates.png)
Check For Package Updates
You can then update that package alone with,
# yum update rhel-7-server-rpms
If there are several packages that can be updated, yum update will update all of them at once.
Now what happens when you know the name of an executable, such as ps2pdf, but dont know which package provides it? You can find out with `yum whatprovides “*/[executable]”`:
# yum whatprovides “*/ps2pdf”
![Find Package Belongs to Which Package](http://www.tecmint.com/wp-content/uploads/2015/05/Find-Package-Information.png)
Find Package Belongs to Which Package
Now, when it comes to removing a package, you can do so with yum remove package. Easy, huh? This goes to show that yum is a complete and powerful package manager.
# yum remove httpd
Read Also: [20 Yum Commands to Manage RHEL 7 Package Management][1]
### Good Old Plain RPM ###
RPM (aka RPM Package Manager, or originally RedHat Package Manager) can also be used to install or update packages when they come in form of standalone `.rpm` packages.
It is often utilized with the `-Uvh` flags to indicate that it should install the package if its not already present or attempt to update it if its installed `(-U)`, producing a verbose output `(-v)` and a progress bar with hash marks `(-h)` while the operation is being performed. For example,
# rpm -Uvh package.rpm
Another typical use of rpm is to produce a list of currently installed packages with code>rpm -qa (short for query all):
# rpm -qa
![Query All RPM Packages](http://www.tecmint.com/wp-content/uploads/2015/05/Query-All-RPM-Packages.png)
Query All RPM Packages
Read Also: [20 RPM Commands to Install Packages in RHEL 7][2]
### Scheduling Tasks using Cron ###
Linux and other Unix-like operating systems include a tool called cron that allows you to schedule tasks (i.e. commands or shell scripts) to run on a periodic basis. Cron checks every minute the /var/spool/cron directory for files which are named after accounts in /etc/passwd.
When executing commands, any output is mailed to the owner of the crontab (or to the user specified in the MAILTO environment variable in the /etc/crontab, if it exists).
Crontab files (which are created by typing crontab -e and pressing Enter) have the following format:
![Crontab Entries](http://www.tecmint.com/wp-content/uploads/2015/05/Crontab-Format.png)
Crontab Entries
Thus, if we want to update the local file database (which is used by locate to find files by name or pattern) every second day of the month at 2:15 am, we need to add the following crontab entry:
15 02 2 * * /bin/updatedb
The above crontab entry reads, “Run /bin/updatedb on the second day of the month, every month of the year, regardless of the day of the week, at 2:15 am”. As Im sure you already guessed, the star symbol is used as a wildcard character.
After adding a cron job, you can see that a file named root was added inside /var/spool/cron, as we mentioned earlier. That file lists all the tasks that the crond daemon should run:
# ls -l /var/spool/cron
![Check All Cron Jobs](http://www.tecmint.com/wp-content/uploads/2015/05/Check-All-Cron-Jobs.png)
Check All Cron Jobs
In the above image, the current users crontab can be displayed either using cat /var/spool/cron/root or,
# crontab -l
If you need to run a task on a more fine-grained basis (for example, twice a day or three times each month), cron can also help you to do that.
For example, to run /my/script on the 1st and 15th of each month and send any output to /dev/null, you can add two crontab entries as follows:
01 00 1 * * /myscript > /dev/null 2>&1
01 00 15 * * /my/script > /dev/null 2>&1
But in order for the task to be easier to maintain, you can combine both entries into one:
01 00 1,15 * * /my/script > /dev/null 2>&1
Following the previous example, we can run /my/other/script at 1:30 am on the first day of the month every three months:
30 01 1 1,4,7,10 * /my/other/script > /dev/null 2>&1
But when you have to repeat a certain task every “x” minutes, hours, days, or months, you can divide the right position by the desired frequency. The following crontab entry has the exact same meaning as the previous one:
30 01 1 */3 * /my/other/script > /dev/null 2>&1
Or perhaps you need to run a certain job on a fixed frequency or after the system boots, for example. You can use one of the following string instead of the five fields to indicate the exact time when you want your job to run:
@reboot Run when the system boots.
@yearly Run once a year, same as 00 00 1 1 *.
@monthly Run once a month, same as 00 00 1 * *.
@weekly Run once a week, same as 00 00 * * 0.
@daily Run once a day, same as 00 00 * * *.
@hourly Run once an hour, same as 00 * * * *.
Read Also: [11 Commands to Schedule Cron Jobs in RHEL 7][3]
### Locating and Checking Logs ###
System logs are located (and rotated) inside the /var/log directory. According to the Linux Filesystem Hierarchy Standard, this directory contains miscellaneous log files, which are written to it or an appropriate subdirectory (such as audit, httpd, or samba in the image below) by the corresponding daemons during system operation:
# ls /var/log
![Linux Log Files Location](http://www.tecmint.com/wp-content/uploads/2015/05/Linux-Log-Files.png)
Linux Log Files Location
Other interesting logs are [dmesg][4] (contains all messages from kernel ring buffer), secure (logs connection attempts that require user authentication), messages (system-wide messages) and wtmp (records of all user logins and logouts).
Logs are very important in that they allow you to have a glimpse of what is going on at all times in your system, and what has happened in the past. They represent a priceless tool to troubleshoot and monitor a Linux server, and thus are often used with the `tail -f command` to display events, in real time, as they happen and are recorded in a log.
For example, if you want to display kernel-related events, type the following command:
# tail -f /var/log/dmesg
Same if you want to view access to your web server:
# tail -f /var/log/httpd/access.log
### Summary ###
If you know how to efficiently manage packages, schedule tasks, and where to look for information about the current and past operation of your system you can rest assure that you will not run into surprises very often. I hope this article has helped you learn or refresh your knowledge about these basic skills.
Dont hesitate to drop us a line using the contact form below if you have any questions or comments.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/yum-package-management-cron-job-scheduling-monitoring-linux-logs/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/20-linux-yum-yellowdog-updater-modified-commands-for-package-mangement/
[2]:http://www.tecmint.com/20-practical-examples-of-rpm-commands-in-linux/
[3]:http://www.tecmint.com/11-cron-scheduling-task-examples-in-linux/
[4]:http://www.tecmint.com/dmesg-commands/

191
sources/tech/RHCSA Series/RHCSA Series--Part 11--Firewall Essentials and Network Traffic Control Using FirewallD and Iptables.md Normal file
View File

@ -0,0 +1,191 @@
RHCSA Series: Firewall Essentials and Network Traffic Control Using FirewallD and Iptables Part 11
================================================================================
In simple words, a firewall is a security system that controls the incoming and outgoing traffic in a network based on a set of predefined rules (such as the packet destination / source or type of traffic, for example).
![Control Network Traffic with FirewallD and Iptables](http://www.tecmint.com/wp-content/uploads/2015/05/Control-Network-Traffic-Using-Firewall.png)
RHCSA: Control Network Traffic with FirewallD and Iptables Part 11
In this article we will review the basics of firewalld, the default dynamic firewall daemon in Red Hat Enterprise Linux 7, and iptables service, the legacy firewall service for Linux, with which most system and network administrators are well acquainted, and which is also available in RHEL 7.
### A Comparison Between FirewallD and Iptables ###
Under the hood, both firewalld and the iptables service talk to the netfilter framework in the kernel through the same interface, not surprisingly, the iptables command. However, as opposed to the iptables service, firewalld can change the settings during normal system operation without existing connections being lost.
Firewalld should be installed by default in your RHEL system, though it may not be running. You can verify with the following commands (firewall-config is the user interface configuration tool):
# yum info firewalld firewall-config
![Check FirewallD Information](http://www.tecmint.com/wp-content/uploads/2015/05/Check-FirewallD-Information.png)
Check FirewallD Information
and,
# systemctl status -l firewalld.service
![Check FirewallD Status](http://www.tecmint.com/wp-content/uploads/2015/05/Check-FirewallD-Status.png)
Check FirewallD Status
On the other hand, the iptables service is not included by default, but can be installed through.
# yum update && yum install iptables-services
Both daemons can be started and enabled to start on boot with the usual systemd commands:
# systemctl start firewalld.service | iptables-service.service
# systemctl enable firewalld.service | iptables-service.service
Read Also: [Useful Commands to Manage Systemd Services][1]
As for the configuration files, the iptables service uses `/etc/sysconfig/iptables` (which will not exist if the package is not installed in your system). On a RHEL 7 box used as a cluster node, this file looks as follows:
![Iptables Firewall Configuration](http://www.tecmint.com/wp-content/uploads/2015/05/Iptables-Rules.png)
Iptables Firewall Configuration
Whereas firewalld store its configuration across two directories, `/usr/lib/firewalld` and `/etc/firewalld`:
# ls /usr/lib/firewalld /etc/firewalld
![FirewallD Configuration](http://www.tecmint.com/wp-content/uploads/2015/05/Firewalld-configuration.png)
FirewallD Configuration
We will examine these configuration files further later in this article, after we add a few rules here and there. By now it will suffice to remind you that you can always find more information about both tools with.
# man firewalld.conf
# man firewall-cmd
# man iptables
Other than that, remember to take a look at [Reviewing Essential Commands & System Documentation Part 1][2] of the current series, where I described several sources where you can get information about the packages installed on your RHEL 7 system.
### Using Iptables to Control Network Traffic ###
You may want to refer to [Configure Iptables Firewall Part 8][3] of the Linux Foundation Certified Engineer (LFCE) series to refresh your memory about iptables internals before proceeding further. Thus, we will be able to jump in right into the examples.
**Example 1: Allowing both incoming and outgoing web traffic**
TCP ports 80 and 443 are the default ports used by the Apache web server to handle normal (HTTP) and secure (HTTPS) web traffic. You can allow incoming and outgoing web traffic through both ports on the enp0s3 interface as follows:
# iptables -A INPUT -i enp0s3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o enp0s3 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
# iptables -A INPUT -i enp0s3 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -o enp0s3 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
**Example 2: Block all (or some) incoming connections from a specific network**
There may be times when you need to block all (or some) type of traffic originating from a specific network, say 192.168.1.0/24 for example:
# iptables -I INPUT -s 192.168.1.0/24 -j DROP
will drop all packages coming from the 192.168.1.0/24 network, whereas,
# iptables -A INPUT -s 192.168.1.0/24 --dport 22 -j ACCEPT
will only allow incoming traffic through port 22.
**Example 3: Redirect incoming traffic to another destination**
If you use your RHEL 7 box not only as a software firewall, but also as the actual hardware-based one, so that it sits between two distinct networks, IP forwarding must have been already enabled in your system. If not, you need to edit `/etc/sysctl.conf` and set the value of net.ipv4.ip_forward to 1, as follows:
net.ipv4.ip_forward = 1
then save the change, close your text editor and finally run the following command to apply the change:
# sysctl -p /etc/sysctl.conf
For example, you may have a printer installed at an internal box with IP 192.168.0.10, with the CUPS service listening on port 631 (both on the print server and on your firewall). In order to forward print requests from clients on the other side of the firewall, you should add the following iptables rule:
# iptables -t nat -A PREROUTING -i enp0s3 -p tcp --dport 631 -j DNAT --to 192.168.0.10:631
Please keep in mind that iptables reads its rules sequentially, so make sure the default policies or later rules do not override those outlined in the examples above.
### Getting Started with FirewallD ###
One of the changes introduced with firewalld are zones. This concept allows to separate networks into different zones level of trust the user has decided to place on the devices and traffic within that network.
To list the active zones:
# firewall-cmd --get-active-zones
In the example below, the public zone is active, and the enp0s3 interface has been assigned to it automatically. To view all the information about a particular zone:
# firewall-cmd --zone=public --list-all
![List all FirewallD Zones](http://www.tecmint.com/wp-content/uploads/2015/05/View-FirewallD-Zones.png)
List all FirewallD Zones
Since you can read more about zones in the [RHEL 7 Security guide][4], we will only list some specific examples here.
**Example 4: Allowing services through the firewall**
To get a list of the supported services, use.
# firewall-cmd --get-services
![List All Supported Services](http://www.tecmint.com/wp-content/uploads/2015/05/List-All-Supported-Services.png)
List All Supported Services
To allow http and https web traffic through the firewall, effective immediately and on subsequent boots:
# firewall-cmd --zone=MyZone --add-service=http
# firewall-cmd --zone=MyZone --permanent --add-service=http
# firewall-cmd --zone=MyZone --add-service=https
# firewall-cmd --zone=MyZone --permanent --add-service=https
# firewall-cmd --reload
If code>zone is omitted, the default zone (you can check with firewall-cmd get-default-zone) is used.
To remove the rule, replace the word add with remove in the above commands.
**Example 5: IP / Port forwarding**
First off, you need to find out if masquerading is enabled for the desired zone:
# firewall-cmd --zone=MyZone --query-masquerade
In the image below, we can see that masquerading is enabled for the external zone, but not for public:
![Check Masquerading Status in Firewalld](http://www.tecmint.com/wp-content/uploads/2015/05/Check-masquerading.png)
Check Masquerading Status
You can either enable masquerading for public:
# firewall-cmd --zone=public --add-masquerade
or use masquerading in external. Heres what we would do to replicate Example 3 with firewalld:
# firewall-cmd --zone=external --add-forward-port=port=631:proto=tcp:toport=631:toaddr=192.168.0.10
And dont forget to reload the firewall.
You can find further examples on [Part 9][5] of the RHCSA series, where we explained how to allow or disable the ports that are usually used by a web server and a ftp server, and how to change the corresponding rule when the default port for those services are changed. In addition, you may want to refer to the firewalld wiki for further examples.
Read Also: [Useful FirewallD Examples to Configure Firewall in RHEL 7][6]
### Conclusion ###
In this article we have explained what a firewall is, what are the available services to implement one in RHEL 7, and provided a few examples that can help you get started with this task. If you have any comments, suggestions, or questions, feel free to let us know using the form below. Thank you in advance!
--------------------------------------------------------------------------------
via: http://www.tecmint.com/firewalld-vs-iptables-and-control-network-traffic-in-firewall/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/manage-services-using-systemd-and-systemctl-in-linux/
[2]:http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/
[3]:http://www.tecmint.com/configure-iptables-firewall/
[4]:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
[5]:http://www.tecmint.com/rhcsa-series-install-and-secure-apache-web-server-and-ftp-in-rhel/
[6]:http://www.tecmint.com/firewalld-rules-for-centos-7/

142
sources/tech/RHCSA Series/RHCSA Series--Part 12--Automate RHEL 7 Installations Using 'Kickstart'.md Normal file
View File

@ -0,0 +1,142 @@
RHCSA Series: Automate RHEL 7 Installations Using Kickstart Part 12
================================================================================
Linux servers are rarely standalone boxes. Whether it is in a datacenter or in a lab environment, chances are that you have had to install several machines that will interact one with another in some way. If you multiply the time that it takes to install Red Hat Enterprise Linux 7 manually on a single server by the number of boxes that you need to set up, this can lead to a rather lengthy effort that can be avoided through the use of an unattended installation tool known as kickstart.
In this article we will show what you need to use kickstart utility so that you can forget about babysitting servers during the installation process.
![Automatic Kickstart Installation of RHEL 7](http://www.tecmint.com/wp-content/uploads/2015/05/Automatic-Kickstart-Installation-of-RHEL-7.jpg)
RHCSA: Automatic Kickstart Installation of RHEL 7
#### Introducing Kickstart and Automated Installations ####
Kickstart is an automated installation method used primarily by Red Hat Enterprise Linux (and other Fedora spin-offs, such as CentOS, Oracle Linux, etc.) to execute unattended operating system installation and configuration. Thus, kickstart installations allow system administrators to have identical systems, as far as installed package groups and system configuration are concerned, while sparing them the hassle of having to manually install each of them.
### Preparing for a Kickstart Installation ###
To perform a kickstart installation, we need to follow these steps:
1. Create a Kickstart file, a plain text file with several predefined configuration options.
2. Make the Kickstart file available on removable media, a hard drive or a network location. The client will use the rhel-server-7.0-x86_64-boot.iso file, whereas you will need to make the full ISO image (rhel-server-7.0-x86_64-dvd.iso) available from a network resource, such as a HTTP of FTP server (in our present case, we will use another RHEL 7 box with IP 192.168.0.18).
3. Start the Kickstart installation
To create a kickstart file, login to your Red Hat Customer Portal account, and use the [Kickstart configuration tool][1] to choose the desired installation options. Read each one of them carefully before scrolling down, and choose what best fits your needs:
![Kickstart Configuration Tool](http://www.tecmint.com/wp-content/uploads/2015/05/Kickstart-Configuration-Tool.png)
Kickstart Configuration Tool
If you specify that the installation should be performed either through HTTP, FTP, or NFS, make sure the firewall on the server allows those services.
Although you can use the Red Hat online tool to create a kickstart file, you can also create it manually using the following lines as reference. You will notice, for example, that the installation process will be in English, using the latin american keyboard layout and the America/Argentina/San_Luis time zone:
lang en_US
keyboard la-latin1
timezone America/Argentina/San_Luis --isUtc
rootpw $1$5sOtDvRo$In4KTmX7OmcOW9HUvWtfn0 --iscrypted
#platform x86, AMD64, or Intel EM64T
text
url --url=http://192.168.0.18//kickstart/media
bootloader --location=mbr --append="rhgb quiet crashkernel=auto"
zerombr
clearpart --all --initlabel
autopart
auth --passalgo=sha512 --useshadow
selinux --enforcing
firewall --enabled
firstboot --disable
%packages
@base
@backup-server
@print-server
%end
In the online configuration tool, use 192.168.0.18 for HTTP Server and `/kickstart/tecmint.bin` for HTTP Directory in the Installation section after selecting HTTP as installation source. Finally, click the Download button at the right top corner to download the kickstart file.
In the kickstart sample file above, you need to pay careful attention to.
url --url=http://192.168.0.18//kickstart/media
That directory is where you need to extract the contents of the DVD or ISO installation media. Before doing that, we will mount the ISO installation file in /media/rhel as a loop device:
# mount -o loop /var/www/html/kickstart/rhel-server-7.0-x86_64-dvd.iso /media/rhel
![Mount RHEL ISO Image](http://www.tecmint.com/wp-content/uploads/2015/05/Mount-RHEL-ISO-Image.png)
Mount RHEL ISO Image
Next, copy all the contents of /media/rhel to /var/www/html/kickstart/media:
# cp -R /media/rhel /var/www/html/kickstart/media
When youre done, the directory listing and disk usage of /var/www/html/kickstart/media should look as follows:
![Kickstart Media Files](http://www.tecmint.com/wp-content/uploads/2015/05/Kickstart-media-Files.png)
Kickstart Media Files
Now were ready to kick off the kickstart installation.
Regardless of how you choose to create the kickstart file, its always a good idea to check its syntax before proceeding with the installation. To do that, install the pykickstart package.
# yum update && yum install pykickstart
And then use the ksvalidator utility to check the file:
# ksvalidator /var/www/html/kickstart/tecmint.bin
If the syntax is correct, you will not get any output, whereas if theres an error in the file, you will get a warning notice indicating the line where the syntax is not correct or unknown.
### Performing a Kickstart Installation ###
To start, boot your client using the rhel-server-7.0-x86_64-boot.iso file. When the initial screen appears, select Install Red Hat Enterprise Linux 7.0 and press the Tab key to append the following stanza and press Enter:
# inst.ks=http://192.168.0.18/kickstart/tecmint.bin
![RHEL Kickstart Installation](http://www.tecmint.com/wp-content/uploads/2015/05/RHEL-Kickstart-Installation.png)
RHEL Kickstart Installation
Where tecmint.bin is the kickstart file created earlier.
When you press Enter, the automated installation will begin, and you will see the list of packages that are being installed (the number and the names will differ depending on your choice of programs and package groups):
![Automatic Kickstart Installation of RHEL 7](http://www.tecmint.com/wp-content/uploads/2015/05/Kickstart-Automatic-Installation.png)
Automatic Kickstart Installation of RHEL 7
When the automated process ends, you will be prompted to remove the installation media and then you will be able to boot into your newly installed system:
![RHEL 7 Boot Screen](http://www.tecmint.com/wp-content/uploads/2015/05/RHEL-7.png)
RHEL 7 Boot Screen
Although you can create your kickstart files manually as we mentioned earlier, you should consider using the recommended approach whenever possible. You can either use the online configuration tool, or the anaconda-ks.cfg file that is created by the installation process in roots home directory.
This file actually is a kickstart file, so you may want to install the first box manually with all the desired options (maybe modify the logical volumes layout or the file system on top of each one) and then use the resulting anaconda-ks.cfg file to automate the installation of the rest.
In addition, using the online configuration tool or the anaconda-ks.cfg file to guide future installations will allow you to perform them using an encrypted root password out-of-the-box.
### Conclusion ###
Now that you know how to create kickstart files and how to use them to automate the installation of Red Hat Enterprise Linux 7 servers, you can forget about babysitting the installation process. This will give you time to do other things, or perhaps some leisure time if youre lucky.
Either way, let us know what you think about this article using the form below. Questions are also welcome!
Read Also: [Automated Installations of Multiple RHEL/CentOS 7 Distributions using PXE and Kickstart][2]
--------------------------------------------------------------------------------
via: http://www.tecmint.com/automatic-rhel-installations-using-kickstart/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:https://access.redhat.com/labs/kickstartconfig/
[2]:http://www.tecmint.com/multiple-centos-installations-using-kickstart/

176
sources/tech/RHCSA Series/RHCSA Series--Part 13--Mandatory Access Control Essentials with SELinux in RHEL 7.md Normal file
View File

@ -0,0 +1,176 @@
RHCSA Series: Mandatory Access Control Essentials with SELinux in RHEL 7 Part 13
================================================================================
During this series we have explored in detail at least two access control methods: standard ugo/rwx permissions ([Manage Users and Groups Part 3][1]) and access control lists ([Configure ACLs on File Systems Part 7][2]).
![RHCSA Exam: SELinux Essentials and Control FileSystem Access](http://www.tecmint.com/wp-content/uploads/2015/06/SELinux-Control-File-System-Access.png)
RHCSA Exam: SELinux Essentials and Control FileSystem Access
Although necessary as first level permissions and access control mechanisms, they have some limitations that are addressed by Security Enhanced Linux (aka SELinux for short).
One of such limitations is that a user can expose a file or directory to a security breach through a poorly elaborated chmod command and thus cause an unexpected propagation of access rights. As a result, any process started by that user can do as it pleases with the files owned by the user, where finally a malicious or otherwise compromised software can achieve root-level access to the entire system.
With those limitations in mind, the United States National Security Agency (NSA) first devised SELinux, a flexible mandatory access control method, to restrict the ability of processes to access or perform other operations on system objects (such as files, directories, network ports, etc) to the least permission model, which can be modified later as needed. In few words, each element of the system is given only the access required to function.
In RHEL 7, SELinux is incorporated into the kernel itself and is enabled in Enforcing mode by default. In this article we will explain briefly the basic concepts associated with SELinux and its operation.
### SELinux Modes ###
SELinux can operate in three different ways:
- Enforcing: SELinux denies access based on SELinux policy rules, a set of guidelines that control the security engine.
- Permissive: SELinux does not deny access, but denials are logged for actions that would have been denied if running in enforcing mode.
- Disabled (self-explanatory).
The `getenforce` command displays the current mode of SELinux, whereas `setenforce` (followed by a 1 or a 0) is used to change the mode to Enforcing or Permissive, respectively, during the current session only.
In order to achieve persistence across logouts and reboots, you will need to edit the `/etc/selinux/config` file and set the SELINUX variable to either enforcing, permissive, or disabled:
# getenforce
# setenforce 0
# getenforce
# setenforce 1
# getenforce
# cat /etc/selinux/config
![Set SELinux Mode](http://www.tecmint.com/wp-content/uploads/2015/05/Set-SELinux-Mode.png)
Set SELinux Mode
Typically you will use setenforce to toggle between SELinux modes (enforcing to permissive and back) as a first troubleshooting step. If SELinux is currently set to enforcing while youre experiencing a certain problem, and the same goes away when you set it to permissive, you can be confident youre looking at a SELinux permissions issue.
### SELinux Contexts ###
A SELinux context consists of an access control environment where decisions are made based on SELinux user, role, and type (and optionally a level):
- A SELinux user complements a regular Linux user account by mapping it to a SELinux user account, which in turn is used in the SELinux context for processes in that session, in order to explicitly define their allowed roles and levels.
- The concept of role acts as an intermediary between domains and SELinux users in that it defines which process domains and file types can be accessed. This will shield your system against vulnerability to privilege escalation attacks.
- A type defines an SELinux file type or an SELinux process domain. Under normal circumstances, processes are prevented from accessing files that other processes use, and and from accessing other processes, thus access is only allowed if a specific SELinux policy rule exists that allows it.
Lets see how all of that works through the following examples.
**EXAMPLE 1: Changing the default port for the sshd daemon**
In [Securing SSH Part 8][3] we explained that changing the default port where sshd listens on is one of the first security measures to secure your server against external attacks. Lets edit the `/etc/ssh/sshd_config` file and set the port to 9999:
Port 9999
Save the changes, and restart sshd:
# systemctl restart sshd
# systemctl status sshd
![Change SSH Port](http://www.tecmint.com/wp-content/uploads/2015/05/Change-SSH-Port.png)
Restart SSH Service
As you can see, sshd has failed to start. But what happened?
A quick inspection of `/var/log/audit/audit.log` indicates that sshd has been denied permissions to start on port 9999 (SELinux log messages include the word “AVC” so that they might be easily identified from other messages) because that is a reserved port for the JBoss Management service:
# cat /var/log/audit/audit.log | grep AVC | tail -1
![Inspect SSH Logs](http://www.tecmint.com/wp-content/uploads/2015/05/Inspect-SSH-Logs.png)
Inspect SSH Logs
At this point you could disable SELinux (but dont!) as explained earlier and try to start sshd again, and it should work. However, the semanage utility can tell us what we need to change in order for us to be able to start sshd in whatever port we choose without issues.
Run,
# semanage port -l | grep ssh
to get a list of the ports where SELinux allows sshd to listen on.
![Semanage Tool](http://www.tecmint.com/wp-content/uploads/2015/05/SELinux-Permission.png)
Semanage Tool
So lets change the port in /etc/ssh/sshd_config to Port 9998, add the port to the ssh_port_t context, and then restart the service:
# semanage port -a -t ssh_port_t -p tcp 9998
# systemctl restart sshd
# systemctl is-active sshd
![Semanage Add Port](http://www.tecmint.com/wp-content/uploads/2015/05/Semenage-Add-Port.png)
Semanage Add Port
As you can see, the service was started successfully this time. This example illustrates the fact that SELinux controls the TCP port number to its own port type internal definitions.
**EXAMPLE 2: Allowing httpd to send access sendmail**
This is an example of SELinux managing a process accessing another process. If you were to implement mod_security and mod_evasive along with Apache in your RHEL 7 server, you need to allow httpd to access sendmail in order to send a mail notification in the wake of a (D)DoS attack. In the following command, omit the -P flag if you do not want the change to be persistent across reboots.
# semanage boolean -1 | grep httpd_can_sendmail
# setsebool -P httpd_can_sendmail 1
# semanage boolean -1 | grep httpd_can_sendmail
![Allow Apache to Send Mails](http://www.tecmint.com/wp-content/uploads/2015/05/Allow-Apache-to-Send-Mails.png)
Allow Apache to Send Mails
As you can tell from the above example, SELinux boolean settings (or just booleans) are true / false rules embedded into SELinux policies. You can list all the booleans with `semanage boolean -l`, and alternatively pipe it to grep in order to filter the output.
**EXAMPLE 3: Serving a static site from a directory other than the default one**
Suppose you are serving a static website using a different directory than the default one (`/var/www/html`), say /websites (this could be the case if youre storing your web files in a shared network drive, for example, and need to mount it at /websites).
a). Create an index.html file inside /websites with the following contents:
<html>
<h2>SELinux test</h2>
</html>
If you do,
# ls -lZ /websites/index.html
you will see that the index.html file has been labeled with the default_t SELinux type, which Apache cant access:
![Check SELinux File Permission](http://www.tecmint.com/wp-content/uploads/2015/05/Check-File-Permssion.png)
Check SELinux File Permission
b). Change the DocumentRoot directive in `/etc/httpd/conf/httpd.conf` to /websites and dont forget to update the corresponding Directory block. Then, restart Apache.
c). Browse to `http://<web server IP address>`, and you should get a 503 Forbidden HTTP response.
d). Next, change the label of /websites, recursively, to the httpd_sys_content_t type in order to grant Apache read-only access to that directory and its contents:
# semanage fcontext -a -t httpd_sys_content_t "/websites(/.*)?"
e). Finally, apply the SELinux policy created in d):
# restorecon -R -v /websites
Now restart Apache and browse to `http://<web server IP address>` again and you will see the html file displayed correctly:
![Verify Apache Page](http://www.tecmint.com/wp-content/uploads/2015/05/08part13.png)
Verify Apache Page
### Summary ###
In this article we have gone through the basics of SELinux. Note that due to the vastness of the subject, a full detailed explanation is not possible in a single article, but we believe that the principles outlined in this guide will help you to move on to more advanced topics should you wish to do so.
If I may, let me recommend two essential resources to start with: the [NSA SELinux page][4] and the [RHEL 7 SELinux Users and Administrators][5] guide.
Dont hesitate to let us know if you have any questions or comments.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/selinux-essentials-and-control-filesystem-access/
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/rhcsa-exam-manage-users-and-groups
[2]:http://www.tecmint.com/rhcsa-exam-configure-acls-and-mount-nfs-samba-shares/
[3]:http://www.tecmint.com/rhcsa-series-secure-ssh-set-hostname-enable-network-services-in-rhel-7/
[4]:https://www.nsa.gov/research/selinux/index.shtml
[5]:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/part_I-SELinux.html

214
translated/share/20141013 Compact Text Editors Great for Remote Editing and Much More.md Normal file
View File

@ -0,0 +1,214 @@
适合于远程编辑以及更多环境的简洁文本编辑器
================================================================================
文本编辑器是用来编辑纯文本的软件。这种软件有许多用处,包括修改配置文件,编写程序源代码,记下一些想法或者甚至写一份购物列表。由于这种编辑器能都用于许多不同的活动,因此值得花些时间找一个最适合您喜好的编辑器。
不论编辑器有多么复杂,它们通常有一个共同的功能集,包括查找/替换文本,格式化文本,导入文件以及在文件中移动文本。
所有这些文本编辑器都是基于终端的应用,因此他们很适合在远程主机上编辑文件。文本编辑器通常也会提供一个图形化的用户界面,但依旧会保证快速和最小化。
基于终端的应用程序在系统资源方面也是轻量级的在低配置机器上很有用比起它的图形化版本来也会更快、更高效由于它们在X需要重启时也不会停止工作因此非常适合编写脚本。
我选择了一些我最喜欢的开源文本编辑器,他们在使用系统资源方面都非常节俭。
----------
### Textadept ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-Textadept.png)
Textadept是一款适合程序员的快速、最小化、可扩展、跨平台的开源文本编辑器。这个开源程序由C和Lua写就并且于这些年间在速度和最小化方面进行了优化。
Textadept是那些想要无限的扩展性且不愿牺牲速度或屈服于代码膨胀的程序员们的理想编辑器。
它也有一个用于终端的版本仅仅依赖ncurses适合在远程主机上进行编辑。
#### 功能包括: ####
- 轻量级
- 最小化设计以最大化屏幕
- 自包含的执行文件 - 无需安装
- 全键盘驱动
- 无限制的分割视图GUI版本以您所好任意水平或垂直的分割编辑器窗口。请注意Textadept没有打开文件标签。
- 支持多于80种的编程语言
- 强大的片段快捷命令
- 代码自动补全和API查询
- 无与伦比的扩展性
- 书签
- 查找和替换
- 在文件中查找
- 基于缓存的单词补全
- 成熟的编程语言符号自动补全以及显示API文档的功能
- 主题:明亮、黑暗、终端
- 使用词法分析器将名称分配给缓冲元素,如评论、字符串、关键词
- 远程会话
- 快速打开
- 许多可用的模块包括对Java、Python、Ruby和近期打开文件列表的支持
- 符合Gnome HIG用户接口的指导
- 支持编辑Lua代码。语法自动补全LuaDoc许多Textadept对象和Lua的标准库。
- 网址: [foicica.com/textadept][1]
- 开发者: Mitchell and contributors
- 许可证: MIT License
- 版本号: 7.7
----------
### Vim ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-vim.png)
vim是一个高级的文本编辑器它基于'vi'的强大,并拥有更全面的功能集。
这个编辑器对编程和编辑其他纯ASCII的文件十分有用。所有的命令都由普通的键盘字符提供能够使用十指来输入因而十分快捷。另外功能键可以由用户来定义并且可也以使用鼠标。
Vim通常被称作"程序员的编辑器"它十分适合于编程并被认为可以作为完整的集成开发环境。然而这个软件并不是仅仅面向程序员。Vim高度重视各种文本编辑从编写email到修改配置文件。
Vim的接口基于文本界面下的命令行。尽管它的图形化版本gVim为常用的命令添加了菜单和工具栏但这个软件的整个功能依旧依赖于它的命令行模式。
#### 功能包括: ####
- 3 种模式:
- - Command 模式
- - Insert 模式
- - Command line 模式
- 无限制的撤销
- 多个窗口和缓冲区
- 平滑的输入模式
- 根据所编辑的文件的类型使用不同的颜色或风格进行语法高亮
- 交互命令
- - 标记一行
- - vi 行缓冲
- - 移动代码块
- 块操作
- 命令历史
- 扩展的正则表达式
- 编辑压缩/打包文件 (gzip, bzip2, zip, tar)
- 文件名补全
- 标记跳转
- 折叠文本
- 缩进
- ctags和cscope整合
- 100%与vi的模式兼容
- 插件用于添加/扩展功能
- 宏
- vimscript, Vim的内部脚本
- Unicode支持
- 多语言支持
- 在线帮助支持
- 网址: [www.vim.org][2]
- 开发者: Bram Moolenaar
- 许可证: GNU GPL compatible (charityware)
- 版本号: 7.4
----------
### ne ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-ne.png)
ne是一款全屏幕的开源文本编辑器。它像是一个比vi更容易学习的vi替代物并且可以在POSIX-兼容的系统中便携使用。
ne对于新手来说易于使用但也非常强大并有完全可配置的引导程序并且在资源使用上十分节约。
#### 功能包括: ####
- 三种用户接口: 控制击键,命令行和菜单;击键和菜单都可配置
- 语法高亮
- 对于UTF-8文件的完全支持包括多列字符
- 文档,剪切,显示的维度和文件/行号长度都有编号,并且仅受制于机器的整型字长
- 简单的脚本语言,脚本可以用简单易理解的录制/播放的方式制作
- 无限制的撤销/重做功能(可以通过命令禁用)
- 基于被编辑的文件扩展的自动个性化配置系统
- 使用您文档中的词语做字典来进行自动前缀补全
- 易用的文件存取功能
- 扩展的正则表达式可用于查找和替换类似emacs和vi
- 非常紧凑的内存模型,在加载和修改大型文件时十分快速
- 可编辑二进制文件
- 网址: [ne.di.unimi.it][3]
- 开发者: Sebastiano Vigna (original developer). Additional features added by Todd M. Lewis
- 许可证: GNU GPL v3
- 版本号: 2.5
----------
### Zile ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-Zile.png)
Zile是Lossy EmacsEmacs精简版它是一个小型的Emacs的克隆版。Zile是一个可定制的自文档化实时显示的编辑器在编写Zile时像Emacs一样尽可能的小每个Emacs用户都会对Zile感到亲切。
Zile以它极小的RAM用量大约130KB以及快速开始编辑而闻名。它是8比特清洁的允许用于编写任何种类的文件。
#### 功能包括: ####
- 小型但快速、强大
- 多个缓冲区,允许多级的撤销
- 多窗口
- 好用,有力【不太清楚怎么翻译】
- 以最小的缓冲区完成补全
- 自动填充 (自动换行)
- 寄存器视图
- 看起来像Emacs键序列、功能和变量名都与Emacs相同
- Killing
- Yanking
- 自动行末检测
- 网址: [www.gnu.org/software/zile][4]
- 开发者: Reuben Thomas, Sandro Sigala, David A. Capello
- 许可证: GNU GPL v2
- 版本号: 2.4.11
----------
### nano ###
![](http://www.linuxlinks.com/portal/content/reviews/Editors/Screenshot-nano.png)
nano是基于curses库的文本编辑器。它是PicoPine电子邮件客户端编辑器的一个复刻版。
由于Pine的许可证问题诉讼案Pine并未以开源许可证发布并且也因为Pine缺少一些重要的功能nano项目于1999年开始。
nano致力于赶上Pico的功能和其易用性与此同时提供更多的功能但不集成Pine/Pico的邮件客户端。
nano像Pico一样是以键盘为导向的设计可以用控制键来控制。
#### 功能包括: ####
- 交互式的查找和替换
- 彩色语法高亮
- 转到行号和列号处
- 自动缩进
- 功能开关
- 支持UTF-8
- 混合型的文件类型自动转换
- 逐字输入模式
- 多个文件缓冲区
- 平滑滚动
- 括号匹配
- 自定义引用字符串
- 备份文件
- 国际化支持
- tab补全文件名
- 网址: [nano-editor.org][5]
- 开发者: Chris Allegretta, David Lawrence, Jordi Mallach, Adam Rogoyski, Robert Siemborski, Rocco Corsi, David Benbennick, Mike Frysinger
- 许可证: GNU GPL v3
- 版本号: 2.2.6
--------------------------------------------------------------------------------
via: http://www.linuxlinks.com/article/20141011073917230/TextEditors.html
作者Frazer Kline
译者:[wwy-hust](https://github.com/wwy-hust)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://foicica.com/textadept/
[2]:http://www.vim.org/
[3]:http://ne.di.unimi.it/
[4]:http://www.gnu.org/software/zile/
[5]:http://nano-editor.org/

180
translated/tech/20150515 Install 'Tails 1.4′ Linux Operating System to Preserve Privacy and Anonymity.md Normal file
View File

@ -0,0 +1,180 @@
安装 Tails 1.4 Linux 操作系统来保护隐私和保持匿名
================================================================================
在这个互联网世界和互联网的世界中,我们在线执行我们的大多数任务,无论是订票,汇款,研究,商务,娱乐,社交网络,还是其他。每天我们花费大部分时间在网络上。在每个逝去的日子里,在网络中保持匿名变得越来越难,尤其是在被某些机构例如 NSA (National Security Agency国安局) 植入后门的情况下,这些机构嗅探着我们在网络中的所有动作。在网络中,我们有着极少,或者说根本就没有隐私。基于用户浏览网络的活动和机器的活动的搜索都被记录了下来。
一个来自于 Tor 项目的绝妙浏览器正被上百万人使用,它帮助我们匿名地浏览网络,即使这样,跟踪你的浏览习惯也并不难,所以只使用 Tor 并不能保证你的网络安全。你可以从下面的链接中查看 Tor 的特点及安装指南。
- [使用 Tor 来进行匿名网络浏览][1]
Tor 项目中有一个名为 Tails 的操作系统。Tails (The Amnesic Incognito Live System) 是一个 live 操作系统,基于 Debian Linux 发行版本,主要着眼于在浏览网络时在网络中保护隐私和匿名,这意味着所有的外向连接都强制通过 Tor 来连接,直接的(非匿名的) 连接请求都会被阻挡。该系统被设计为可在任何可启动介质上运行,例如 USB 或 DVD。
Tails OS 的最新稳定发行版本为 1.4 于 2015 年 5 月 12 日发行。Tails 由开源单片 Linux 内核支持,构建在 Debian GNU/Linux 之上,着眼于个人电脑市场, 使用 GNOME 3 作为其默认的用户界面。
#### Tails OS 1.4 的特点 ####
- Tails 是一个 free 的操作系统, free 的意义正如 免费(free)啤酒和言论自由(free) 中的 free
- 构建在 Debian/GNU Linux 操作系统之上, Debian 是使用最广泛的通用操作系统
- 着眼于安全的发行版本
- 有 Windows 8 外观作为其伪装
- 不必安装就可以使用 Live Tails CD/DVD 来匿名浏览网络
- 当 Tails 运行时,不留下任何痕迹
- 使用先进的加密工具来加密任何相关文件,邮件等内容
- 通过 Tor 网络来发送和接收流量
- 在真正意义上为任何人在任何地方保护隐私
- 在 Live 环境中带有一些可用的应用
- 系统自带的所有软件都预先配置好只通过 Tor 网络来连接到互联网
- 任何不通过 Tor 网络而尝试连接网络的应用都将被自动阻拦。
- 限制那些想查看你正在浏览什么网站的人的行动,并限制网站获取你的地理位置
- 连接到那些被墙或被审查的网站
- 特别设计不使用主操作系统的空间,即使在 swap 空间还有空余的情况下
- 整个操作系统加载在 RAM 中,在每次重启或关机后会自动擦除掉,所以不会留下任何运行的痕迹。
- 先进的安全实现,通过加密 USB 磁盘, HTTPS 应答加密和对邮件,文档进行签名。
#### 在 Tails 1.4 中可期待的东西 ####
- 带有安全滑块的 Tor 浏览器 4.5
- Tor 被升级到版本 0.2.6.7
- 修补了几个安全漏洞
- 针对诸如 curl, OpenJDK 7, tor Network, openldap 等应用, 许多漏洞被修复并打上了补丁
要得到完整的更改记录,你需要访问 [这里][2]
**注意**: 假如你使用 Tails 的任何旧版本,强烈建议升级到 Tails 1.4 。
#### 为什么我应该使用 Tails 操作系统 ####
你需要 Tails 因为你想:
- 在网络监控下保持自由
- 捍卫自由,隐私和秘密
- 流量分析下保持安全
这个教程将带你了解 Tails 1.4 操作系统的安装并给出一个简短的评论。
### Tails 1.4 安装指南 ###
1. 为了下载最新的 Tails OS 1.4,你可以使用 wget 命令来直接下载它
$ wget http://dl.amnesia.boum.org/tails/stable/tails-i386-1.4/tails-i386-1.4.iso
或者你可以直接下载 Tails 1.4 的 ISO 镜像文件,或使用一个 Torrent 客户端来为你获取 ISO 镜像文件:
- [tails-i386-1.4.iso][3]
- [tails-i386-1.4.torrent][4]
2. 下载后,可使用 SHA256SUM 来获取 ISO 文件的哈希值并与官方提供的值相比较,以核实 ISO 文件的完整性
$ sha256sum tails-i386-1.4.iso
339c8712768c831e59c4b1523002b83ccb98a4fe62f6a221fee3a15e779ca65d
假如你熟悉 OpenPGP ,将 Tails 的签名密钥与 Debian 的 keyring 相比较以验证其签名,若想了解任何有关 Tails 的加密签名,请将浏览器指向 [这里][5]
3. 下一步,你需要将镜像写入 USB 或 DVD ROM 中。或许你需要看看这篇文章 [如何创建一个 Live 可启动的 USB][6] 以了解如何使得一个闪存驱动器变得可启动并向它写入 ISO 镜像文件。
4. 插入 Tails OS 可启动闪存驱动器或 DVD ROM并从那里启动 (在 BIOS 中选择该介质来启动)。第一个屏幕中会有两个选项 'Live' 和 'Live (failsafe)' 让你选择。选择 'Live' 并确定。
![Tails 启动菜单](http://www.tecmint.com/wp-content/uploads/2015/05/1.png)
Tails 启动菜单
5. 在登录之前,你有两个选项, 假如你想配置并设定高级选项,点击 '更多选项' 否则点击 'NO'。
![Tails 欢迎界面](http://www.tecmint.com/wp-content/uploads/2015/05/2.png)
Tails 欢迎界面
6. 在点击高级选项后,你需要设置 root 密码。假如你想升级它,这是非常重要的。这个 root 密码将会一直有效,知道你关机或重启。
另外,若你想开启 Windows 伪装,假如你想在一个公共场所运行这个操作系统,这将使得看起来你正在运行 Windows 8 操作系统。这真是一个好的选项!不是吗?另外,你还有一个选项来配置 网络和 Mac 地址,当一切准备完毕后,点击 '登录'
![Tails OS 的配置](http://www.tecmint.com/wp-content/uploads/2015/05/3.png)
Tails OS 的配置
7. 这是使用 Windows 皮肤伪装的 Tails GNU/Linux OS
![Tails 的 Windows 伪装](http://www.tecmint.com/wp-content/uploads/2015/05/4.jpg)
Tails 的 Windows 伪装
8. 系统将在后台启动 Tor 网络。在屏幕的右上角查看通知 Tor 已经准备好了 或现在你已经连接上了互联网。
你也可以在 Internet 菜单下查看它包含了哪些东西。 注意 它包含有 Tor 浏览器(安全的) 和 不安全的网络浏览器(其中的向内和向外数据不通过 Tor 网络) 和其他应用。
![Tails 菜单和工具](http://www.tecmint.com/wp-content/uploads/2015/05/5.jpg)
Tails 菜单和工具
9. 点击 Tor 并检查你的 IP 地址。 它确认我的物理位置没有被分享以及我的隐私未被触动。
![在 Tails 上检查隐私](http://www.tecmint.com/wp-content/uploads/2015/05/6.jpg)
在 Tails 上检查隐私
10. 你还可以激活 Tails 安装器来从 ISO 镜像文件中 克隆和安装, 克隆和升级以及升级系统。
![Tails 安装器选项](http://www.tecmint.com/wp-content/uploads/2015/05/7.jpg)
Tails 安装器选项
11. 其他选项为选择 Tor 不带有高级选项,就在登录之前。(查看上面的第 5 步).
![Tails 未带有高级选项](http://www.tecmint.com/wp-content/uploads/2015/05/8.png)
Tails 未带有高级选项
12. 你将登录到 Gnome3 桌面环境。
![Tails Gnome 桌面](http://www.tecmint.com/wp-content/uploads/2015/05/9.png)
Tails Gnome 桌面
13. 假如你点击启动不安全的浏览器,无论在带有伪装,还是没有带有伪装的情况下,你都将会收到弹窗通知。
![Tails 浏览通知](http://www.tecmint.com/wp-content/uploads/2015/05/10.png)
Tails 浏览通知
假如你仍启动不安全的浏览器,你将在浏览器中看到如下网页:
![Tails 浏览警告](http://www.tecmint.com/wp-content/uploads/2015/05/11.png)
Tails 浏览警告
#### Tails 适合我吗?####
要想得到上面问题的答案,首先回答如下的问题:
- 在上网时,你想你的隐私未被触动吗?
- 你想在身份信息窃取者的眼皮底下保持隐身吗?
- 你想在你的网上私人聊天过程中被他人嗅探吗?
- 你真的想向任何人展示你的地理位置吗?
- 你开展银行网上交易吗?
- 你愿意受政府和 ISP(注:网络提供商) 的审查吗?
假如以上问题中,任意一个问题的答案为 'YES',则你最好需要 Tails。假如上面所有的问题的答案都是 'NO',则或许你不需要它。
想对 Tails 了解更多?请将你的浏览器指向它的用户文档页面:
文档: [https://tails.boum.org/doc/index.en.html][7]
### 总结 ###
对于那些工作在不安全环境中的人来说Tails 是一个必需的操作系统。Tails 还是一个着眼于安全的操作系统,现在为止,包含一大批应用 Gnome 桌面, Tor, Firefox (Iceweasel), Network Manager, Pidgin, Claws mail, Liferea feed addregator, Gobby, Aircrack-ng, I2P。
同时,它含有一些有关加密和隐私的工具,即 UKS, GNUPG, PWGen, Shamirs Secret Sharing, Virtual Keyboard (against Hardware Keylogging), MAT, KeePassX Password Manager 等。
这就是全部了。关注 Tecmint。请分享你的有关 Tails GNU/Linux 操作系统的想法。对于这个项目的未来,你怎么看?同时在实际中测试它,并让我们获知你的体验感受。
你也可以在 [Virtualbox][8] 中运行它。 Tails 在 RAM 中加载整个操作系统,所以在 VM 中你需要给定足够的 RAM 来运行 Tails。
我在 1GB 的环境中测试了 Tails它工作起来毫无滞后感。谢谢我们的所有用户的支持。使 Tecmint 成为一个包含所有 Linux 相关信息的地方,你的合作是必需的。 Kudos
--------------------------------------------------------------------------------
via: http://www.tecmint.com/install-tails-1-4-linux-operating-system-to-preserve-privacy-and-anonymity/
作者:[Avishek Kumar][a]
译者:[FSSlc](https://github.com/FSSlc)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/avishek/
[1]:http://www.tecmint.com/tor-browser-for-anonymous-web-browsing/
[2]:https://tails.boum.org/news/version_1.4/index.en.html
[3]:http://dl.amnesia.boum.org/tails/stable/tails-i386-1.4/tails-i386-1.4.iso
[4]:https://tails.boum.org/torrents/files/tails-i386-1.4.torrent
[5]:https://tails.boum.org/download/index.en.html#verify
[6]:http://www.tecmint.com/install-linux-from-usb-device/
[7]:https://tails.boum.org/doc/index.en.html
[8]:http://www.tecmint.com/install-virtualbox-on-redhat-centos-fedora/